> Enter [BeforeAll] test build annotations - /tmp/tmp.O2kCCFO8V9/tests/build/annotations.go:35 @ 05/02/26 05:06:21.891 < Exit [BeforeAll] test build annotations - /tmp/tmp.O2kCCFO8V9/tests/build/annotations.go:35 @ 05/02/26 05:06:23.302 (1.411s) > Enter [BeforeAll] when component is created with invalid build request annotations - /tmp/tmp.O2kCCFO8V9/tests/build/annotations.go:69 @ 05/02/26 05:06:23.302 < Exit [BeforeAll] when component is created with invalid build request annotations - /tmp/tmp.O2kCCFO8V9/tests/build/annotations.go:69 @ 05/02/26 05:06:33.429 (10.127s) > Enter [It] handles invalid request annotation - /tmp/tmp.O2kCCFO8V9/tests/build/annotations.go:89 @ 05/02/26 05:06:33.429 build status annotation value: {"message":"unexpected build request: foo"} < Exit [It] handles invalid request annotation - /tmp/tmp.O2kCCFO8V9/tests/build/annotations.go:89 @ 05/02/26 05:07:33.493 (1m0.064s) > Enter [AfterAll] test build annotations - /tmp/tmp.O2kCCFO8V9/tests/build/annotations.go:51 @ 05/02/26 05:07:33.494 < Exit [AfterAll] test build annotations - /tmp/tmp.O2kCCFO8V9/tests/build/annotations.go:51 @ 05/02/26 05:07:33.818 (324ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/annotations.go:24 @ 05/02/26 05:07:33.818 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/annotations.go:24 @ 05/02/26 05:07:33.818 (0s) > Enter [BeforeAll] test build secret lookup - /tmp/tmp.O2kCCFO8V9/tests/build/secret_lookup.go:32 @ 05/02/26 05:06:21.887 < Exit [BeforeAll] test build secret lookup - /tmp/tmp.O2kCCFO8V9/tests/build/secret_lookup.go:32 @ 05/02/26 05:06:24.508 (2.621s) > Enter [BeforeAll] when two secrets are created - /tmp/tmp.O2kCCFO8V9/tests/build/secret_lookup.go:100 @ 05/02/26 05:06:24.508 < Exit [BeforeAll] when two secrets are created - /tmp/tmp.O2kCCFO8V9/tests/build/secret_lookup.go:100 @ 05/02/26 05:06:24.648 (140ms) > Enter [It] creates first component - /tmp/tmp.O2kCCFO8V9/tests/build/secret_lookup.go:123 @ 05/02/26 05:06:24.649 Image repository for component component-one-ixyn in namespace build-e2e-bdei do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. < Exit [It] creates first component - /tmp/tmp.O2kCCFO8V9/tests/build/secret_lookup.go:123 @ 05/02/26 05:06:34.789 (10.14s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/secret_lookup.go:25 @ 05/02/26 05:06:34.789 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/secret_lookup.go:25 @ 05/02/26 05:06:34.789 (0s) > Enter [It] creates second component - /tmp/tmp.O2kCCFO8V9/tests/build/secret_lookup.go:140 @ 05/02/26 05:06:34.789 Image repository for component component-two-rklp in namespace build-e2e-bdei do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. Image repository for component component-two-rklp in namespace build-e2e-bdei do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. < Exit [It] creates second component - /tmp/tmp.O2kCCFO8V9/tests/build/secret_lookup.go:140 @ 05/02/26 05:06:54.986 (20.196s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/secret_lookup.go:25 @ 05/02/26 05:06:54.986 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/secret_lookup.go:25 @ 05/02/26 05:06:54.986 (0s) > Enter [It] check first component annotation has errors - /tmp/tmp.O2kCCFO8V9/tests/build/secret_lookup.go:158 @ 05/02/26 05:06:54.987 build status annotation value: {"message":"waiting for spec.containerImage to be set by ImageRepository with annotation image-controller.appstudio.redhat.com/update-component-image"} build status annotation value: {"pac":{"state":"error","error-id":74,"error-message":"74: Access token is unrecognizable by GitHub"},"message":"done"} < Exit [It] check first component annotation has errors - /tmp/tmp.O2kCCFO8V9/tests/build/secret_lookup.go:158 @ 05/02/26 05:07:00.122 (5.135s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/secret_lookup.go:25 @ 05/02/26 05:07:00.122 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/secret_lookup.go:25 @ 05/02/26 05:07:00.122 (0s) > Enter [It] triggered PipelineRun is for component - /tmp/tmp.O2kCCFO8V9/tests/build/secret_lookup.go:178 @ 05/02/26 05:07:00.123 PipelineRun has not been created yet for the component build-e2e-bdei/component-two-rklp PipelineRun has not been created yet for the component build-e2e-bdei/component-two-rklp PipelineRun has not been created yet for the component build-e2e-bdei/component-two-rklp < Exit [It] triggered PipelineRun is for component - /tmp/tmp.O2kCCFO8V9/tests/build/secret_lookup.go:178 @ 05/02/26 05:08:00.489 (1m0.367s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/secret_lookup.go:25 @ 05/02/26 05:08:00.493 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/secret_lookup.go:25 @ 05/02/26 05:08:00.493 (0s) > Enter [It] check only one pipelinerun should be triggered - /tmp/tmp.O2kCCFO8V9/tests/build/secret_lookup.go:193 @ 05/02/26 05:08:00.493 < Exit [It] check only one pipelinerun should be triggered - /tmp/tmp.O2kCCFO8V9/tests/build/secret_lookup.go:193 @ 05/02/26 05:10:00.494 (2m0s) > Enter [AfterAll] test build secret lookup - /tmp/tmp.O2kCCFO8V9/tests/build/secret_lookup.go:61 @ 05/02/26 05:10:00.494 < Exit [AfterAll] test build secret lookup - /tmp/tmp.O2kCCFO8V9/tests/build/secret_lookup.go:61 @ 05/02/26 05:10:02.083 (1.589s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/secret_lookup.go:25 @ 05/02/26 05:10:02.084 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/secret_lookup.go:25 @ 05/02/26 05:10:02.084 (0s) > Enter [BeforeAll] PaC component build - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:54 @ 05/02/26 05:06:21.685 < Exit [BeforeAll] PaC component build - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:54 @ 05/02/26 05:06:28.038 (6.353s) > Enter [BeforeAll] when a new component without specified branch is created and with visibility private - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:117 @ 05/02/26 05:06:28.038 Image repository for component fj-test-custom-default-ahoync in namespace build-e2e-spsb do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. Image repository for component fj-test-custom-default-ahoync in namespace build-e2e-spsb do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. < Exit [BeforeAll] when a new component without specified branch is created and with visibility private - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:117 @ 05/02/26 05:06:48.171 (20.133s) > Enter [It] correctly targets the default branch (that is not named 'main') with PaC - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:136 @ 05/02/26 05:06:48.171 < Exit [It] correctly targets the default branch (that is not named 'main') with PaC - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:136 @ 05/02/26 05:07:14.324 (26.153s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:07:14.324 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:07:14.324 (0s) > Enter [It] workspace parameter is set correctly in PaC repository CR - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:153 @ 05/02/26 05:07:14.324 < Exit [It] workspace parameter is set correctly in PaC repository CR - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:153 @ 05/02/26 05:07:14.45 (126ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:07:14.45 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:07:14.45 (0s) > Enter [It] triggers a PipelineRun - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:176 @ 05/02/26 05:07:14.451 PipelineRun has not been created yet for the component build-e2e-spsb/fj-test-custom-branch-hnnsvz < Exit [It] triggers a PipelineRun - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:176 @ 05/02/26 05:07:34.705 (20.254s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:07:34.705 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:07:34.705 (0s) > Enter [It] build pipeline uses the correct serviceAccount - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:191 @ 05/02/26 05:07:34.706 < Exit [It] build pipeline uses the correct serviceAccount - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:191 @ 05/02/26 05:07:34.706 (0s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:07:34.706 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:07:34.706 (0s) > Enter [It] component build status is set correctly - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:195 @ 05/02/26 05:07:34.707 build status annotation value: {"pac":{"state":"enabled","merge-url":"https://codeberg.org/konflux-qe/devfile-sample-hello-world-ssljbt/pulls/1","configuration-time":"Sat, 02 May 2026 05:07:13 UTC"},"message":"done"} state: enabled mergeUrl: https://codeberg.org/konflux-qe/devfile-sample-hello-world-ssljbt/pulls/1 errId: 0 errMessage: configurationTime: Sat, 02 May 2026 05:07:13 UTC < Exit [It] component build status is set correctly - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:195 @ 05/02/26 05:07:34.77 (63ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:07:34.77 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:07:34.77 (0s) > Enter [It] image repo and robot account created successfully - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:225 @ 05/02/26 05:07:34.77 < Exit [It] image repo and robot account created successfully - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:225 @ 05/02/26 05:07:35.837 (1.066s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:07:35.837 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:07:35.837 (0s) > Enter [It] created image repo is private - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:243 @ 05/02/26 05:07:35.837 < Exit [It] created image repo is private - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:243 @ 05/02/26 05:07:36.118 (281ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:07:36.118 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:07:36.118 (0s) > Enter [It] a related PipelineRun should be deleted after deleting the component - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:249 @ 05/02/26 05:07:36.119 < Exit [It] a related PipelineRun should be deleted after deleting the component - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:249 @ 05/02/26 05:08:17.887 (41.768s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:17.887 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:17.887 (0s) > Enter [It] PR branch should not exist in the repo - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:265 @ 05/02/26 05:08:17.887 < Exit [It] PR branch should not exist in the repo - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:265 @ 05/02/26 05:08:18.031 (143ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:18.031 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:18.031 (0s) > Enter [It] related image repo and the robot account should be deleted after deleting the component - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:278 @ 05/02/26 05:08:18.031 < Exit [It] related image repo and the robot account should be deleted after deleting the component - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:278 @ 05/02/26 05:08:18.892 (861ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:18.893 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:18.893 (0s) > Enter [BeforeAll] when a new Component with specified custom branch is created - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:306 @ 05/02/26 05:08:18.894 Image repository for component fj-test-custom-branch-hnnsvz in namespace build-e2e-spsb do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. < Exit [BeforeAll] when a new Component with specified custom branch is created - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:306 @ 05/02/26 05:08:29.023 (10.13s) > Enter [It] triggers a PipelineRun - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:332 @ 05/02/26 05:08:29.023 PipelineRun has not been created yet for the component build-e2e-spsb/fj-test-custom-branch-hnnsvz < Exit [It] triggers a PipelineRun - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:332 @ 05/02/26 05:08:49.213 (20.19s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:49.214 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:49.214 (0s) > Enter [It] should lead to a PaC init PR creation - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:347 @ 05/02/26 05:08:49.214 < Exit [It] should lead to a PaC init PR creation - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:347 @ 05/02/26 05:08:49.419 (205ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:49.419 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:49.419 (0s) > Enter [It] the PipelineRun should eventually finish successfully - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:365 @ 05/02/26 05:08:49.42 PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-frbjn found for Component build-e2e-spsb/fj-test-custom-branch-hnnsvz PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-frbjn reason: ResolvingTaskRef PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-frbjn reason: ResolvingTaskRef PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-frbjn reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-frbjn reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-frbjn reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-frbjn reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-frbjn reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-frbjn reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-frbjn reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-frbjn reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-frbjn reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-frbjn reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-frbjn reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-frbjn reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-frbjn reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-frbjn reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-frbjn reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-frbjn reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-frbjn reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-frbjn reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-frbjn reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-frbjn reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-frbjn reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-frbjn reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-frbjn reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-frbjn reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-frbjn reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-frbjn reason: Succeeded < Exit [It] the PipelineRun should eventually finish successfully - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:365 @ 05/02/26 05:17:49.693 (9m0.273s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:17:49.693 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:17:49.693 (0s) > Enter [It] image repo and robot account created successfully - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:371 @ 05/02/26 05:17:49.694 < Exit [It] image repo and robot account created successfully - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:371 @ 05/02/26 05:17:50.959 (1.265s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:17:50.959 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:17:50.959 (0s) > Enter [It] created image repo is public - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:390 @ 05/02/26 05:17:50.96 < Exit [It] created image repo is public - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:390 @ 05/02/26 05:17:51.268 (309ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:17:51.268 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:17:51.269 (0s) > Enter [It] image tag is updated successfully - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:396 @ 05/02/26 05:17:51.269 Image tag quay.io/redhat-appstudio-qe/build-e2e-spsb/fj-test-custom-branch-hnnsvz:on-pr-be89fa4870f213273cbbca872b4efe1bed9a75cd successfully found in Quay < Exit [It] image tag is updated successfully - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:396 @ 05/02/26 05:17:51.683 (414ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:17:51.683 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:17:51.684 (0s) > Enter [It] should ensure pruning labels are set - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:425 @ 05/02/26 05:17:51.684 < Exit [It] should ensure pruning labels are set - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:425 @ 05/02/26 05:17:52.384 (700ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:17:52.385 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:17:52.385 (0s) > Enter [It] eventually leads to the PipelineRun status report at Checks tab - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:439 @ 05/02/26 05:17:52.385 < Exit [It] eventually leads to the PipelineRun status report at Checks tab - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:439 @ 05/02/26 05:17:52.385 (0s) > Enter [AfterAll] when a new Component with specified custom branch is created - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:324 @ 05/02/26 05:17:52.385 < Exit [AfterAll] when a new Component with specified custom branch is created - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:324 @ 05/02/26 05:17:52.99 (604ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:17:52.99 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:17:52.99 (0s) > Enter [BeforeAll] when the PaC init branch is updated - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:454 @ 05/02/26 05:17:52.99 created file sha: 0993a0f359752ab85adcfdd98170eddbb69cea1e < Exit [BeforeAll] when the PaC init branch is updated - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:454 @ 05/02/26 05:17:54.492 (1.502s) > Enter [It] eventually leads to triggering another PipelineRun - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:464 @ 05/02/26 05:17:54.493 PipelineRun has not been created yet for the component build-e2e-spsb/fj-test-custom-branch-hnnsvz < Exit [It] eventually leads to triggering another PipelineRun - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:464 @ 05/02/26 05:18:14.682 (20.189s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:18:14.682 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:18:14.682 (0s) > Enter [It] should lead to a PaC init PR update - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:479 @ 05/02/26 05:18:14.682 < Exit [It] should lead to a PaC init PR update - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:479 @ 05/02/26 05:18:14.888 (206ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:18:14.888 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:18:14.888 (0s) > Enter [It] PipelineRun should eventually finish - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:498 @ 05/02/26 05:18:14.889 PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-wnf4f found for Component build-e2e-spsb/fj-test-custom-branch-hnnsvz PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-wnf4f reason: ResolvingTaskRef PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-wnf4f reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-wnf4f reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-wnf4f reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-wnf4f reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-wnf4f reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-wnf4f reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-wnf4f reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-wnf4f reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-wnf4f reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-wnf4f reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-wnf4f reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-wnf4f reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-wnf4f reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-wnf4f reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-pull-request-wnf4f reason: Succeeded < Exit [It] PipelineRun should eventually finish - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:498 @ 05/02/26 05:23:15.023 (5m0.134s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:23:15.023 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:23:15.023 (0s) > Enter [It] eventually leads to another update of a PR about the PipelineRun status report at Checks tab - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:504 @ 05/02/26 05:23:15.024 < Exit [It] eventually leads to another update of a PR about the PipelineRun status report at Checks tab - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:504 @ 05/02/26 05:23:15.024 (0s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:23:15.024 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:23:15.024 (0s) > Enter [BeforeAll] when the PaC init branch is merged - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:520 @ 05/02/26 05:23:15.024 merged result sha: acb422e7da3688b384b9e87b3f15f5b9e9b13f8d < Exit [BeforeAll] when the PaC init branch is merged - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:520 @ 05/02/26 05:23:18.184 (3.159s) > Enter [It] eventually leads to triggering another PipelineRun - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:530 @ 05/02/26 05:23:18.184 PipelineRun has not been created yet for the component build-e2e-spsb/fj-test-custom-branch-hnnsvz < Exit [It] eventually leads to triggering another PipelineRun - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:530 @ 05/02/26 05:23:38.385 (20.202s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:23:38.386 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:23:38.386 (0s) > Enter [It] pipelineRun should eventually finish - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:546 @ 05/02/26 05:23:38.386 PipelineRun fj-test-custom-branch-hnnsvz-on-push-wc82v found for Component build-e2e-spsb/fj-test-custom-branch-hnnsvz PipelineRun fj-test-custom-branch-hnnsvz-on-push-wc82v reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-push-wc82v reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-push-wc82v reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-push-wc82v reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-push-wc82v reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-push-wc82v reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-push-wc82v reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-push-wc82v reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-push-wc82v reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-push-wc82v reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-push-wc82v reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-push-wc82v reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-push-wc82v reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-push-wc82v reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-push-wc82v reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-push-wc82v reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-push-wc82v reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-push-wc82v reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-push-wc82v reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-push-wc82v reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-push-wc82v reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-push-wc82v reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-push-wc82v reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-push-wc82v reason: Running PipelineRun fj-test-custom-branch-hnnsvz-on-push-wc82v reason: Succeeded < Exit [It] pipelineRun should eventually finish - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:546 @ 05/02/26 05:31:38.91 (8m0.524s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:31:38.91 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:31:38.91 (0s) > Enter [It] does not have expiration set - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:552 @ 05/02/26 05:31:38.911 < Exit [It] does not have expiration set - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:552 @ 05/02/26 05:31:39.302 (391ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:31:39.302 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:31:39.302 (0s) > Enter [It] After updating image visibility to private, it should not trigger another PipelineRun - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:564 @ 05/02/26 05:31:39.303 found pipelinerun: fj-test-custom-branch-hnnsvz-on-push-wc82v waiting for one minute and expecting to not trigger a PipelineRun < Exit [It] After updating image visibility to private, it should not trigger another PipelineRun - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:564 @ 05/02/26 05:33:47.769 (2m8.467s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:33:47.769 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:33:47.769 (0s) > Enter [It] image repo is updated to private - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:595 @ 05/02/26 05:33:47.77 < Exit [It] image repo is updated to private - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:595 @ 05/02/26 05:33:48.142 (372ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:33:48.142 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:33:48.142 (0s) > Enter [BeforeAll] when the component is removed - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:649 @ 05/02/26 05:33:48.144 < Exit [BeforeAll] when the component is removed - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:649 @ 05/02/26 05:33:53.914 (5.77s) > Enter [It] related image repo and robot accounts deleted - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:661 @ 05/02/26 05:33:53.914 < Exit [It] related image repo and robot accounts deleted - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:661 @ 05/02/26 05:34:00.075 (6.161s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:34:00.076 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:34:00.076 (0s) > Enter [It] purge PR is created successfully - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:679 @ 05/02/26 05:34:00.076 Found purge PR with id: 3 < Exit [It] purge PR is created successfully - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:679 @ 05/02/26 05:34:00.542 (466ms) > Enter [AfterAll] PaC component build - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:101 @ 05/02/26 05:34:00.543 < Exit [AfterAll] PaC component build - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:101 @ 05/02/26 05:34:07.906 (7.363s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:34:07.906 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:34:07.906 (0s) > Enter [BeforeAll] PaC component build - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:54 @ 05/02/26 05:06:21.686 < Exit [BeforeAll] PaC component build - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:54 @ 05/02/26 05:06:36.806 (15.12s) > Enter [BeforeAll] when a new component without specified branch is created and with visibility private - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:117 @ 05/02/26 05:06:36.806 Image repository for component gl-test-custom-default-ehduxj in namespace build-e2e-aljs do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. Image repository for component gl-test-custom-default-ehduxj in namespace build-e2e-aljs do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. Image repository for component gl-test-custom-default-ehduxj in namespace build-e2e-aljs do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. < Exit [BeforeAll] when a new component without specified branch is created and with visibility private - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:117 @ 05/02/26 05:07:07.813 (31.007s) > Enter [It] correctly targets the default branch (that is not named 'main') with PaC - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:136 @ 05/02/26 05:07:07.813 < Exit [It] correctly targets the default branch (that is not named 'main') with PaC - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:136 @ 05/02/26 05:07:43.813 (36s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:07:43.813 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:07:43.813 (0s) > Enter [It] workspace parameter is set correctly in PaC repository CR - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:153 @ 05/02/26 05:07:43.813 < Exit [It] workspace parameter is set correctly in PaC repository CR - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:153 @ 05/02/26 05:07:43.948 (135ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:07:43.948 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:07:43.948 (0s) > Enter [It] triggers a PipelineRun - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:176 @ 05/02/26 05:07:43.949 PipelineRun has not been created yet for the component build-e2e-aljs/gl-test-custom-branch-dgjivf < Exit [It] triggers a PipelineRun - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:176 @ 05/02/26 05:08:04.154 (20.205s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:04.154 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:04.154 (0s) > Enter [It] build pipeline uses the correct serviceAccount - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:191 @ 05/02/26 05:08:04.155 < Exit [It] build pipeline uses the correct serviceAccount - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:191 @ 05/02/26 05:08:04.155 (0s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:04.155 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:04.155 (0s) > Enter [It] component build status is set correctly - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:195 @ 05/02/26 05:08:04.156 build status annotation value: {"pac":{"state":"enabled","merge-url":"https://gitlab.com/konflux-qe/devfile-sample-hello-world-mbkhva/-/merge_requests/1","configuration-time":"Sat, 02 May 2026 05:07:43 UTC"},"message":"done"} state: enabled mergeUrl: https://gitlab.com/konflux-qe/devfile-sample-hello-world-mbkhva/-/merge_requests/1 errId: 0 errMessage: configurationTime: Sat, 02 May 2026 05:07:43 UTC < Exit [It] component build status is set correctly - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:195 @ 05/02/26 05:08:04.223 (68ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:04.224 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:04.224 (0s) > Enter [It] image repo and robot account created successfully - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:225 @ 05/02/26 05:08:04.224 < Exit [It] image repo and robot account created successfully - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:225 @ 05/02/26 05:08:05.286 (1.062s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:05.286 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:05.286 (0s) > Enter [It] created image repo is private - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:243 @ 05/02/26 05:08:05.287 < Exit [It] created image repo is private - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:243 @ 05/02/26 05:08:05.561 (274ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:05.561 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:05.561 (0s) > Enter [It] a related PipelineRun should be deleted after deleting the component - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:249 @ 05/02/26 05:08:05.562 < Exit [It] a related PipelineRun should be deleted after deleting the component - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:249 @ 05/02/26 05:08:27.393 (21.831s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:27.393 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:27.393 (0s) > Enter [It] PR branch should not exist in the repo - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:265 @ 05/02/26 05:08:27.394 < Exit [It] PR branch should not exist in the repo - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:265 @ 05/02/26 05:08:27.528 (133ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:27.528 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:27.528 (0s) > Enter [It] related image repo and the robot account should be deleted after deleting the component - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:278 @ 05/02/26 05:08:27.528 < Exit [It] related image repo and the robot account should be deleted after deleting the component - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:278 @ 05/02/26 05:08:28.387 (859ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:28.387 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:28.387 (0s) > Enter [BeforeAll] when a new Component with specified custom branch is created - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:306 @ 05/02/26 05:08:28.388 Image repository for component gl-test-custom-branch-dgjivf in namespace build-e2e-aljs do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. < Exit [BeforeAll] when a new Component with specified custom branch is created - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:306 @ 05/02/26 05:08:38.526 (10.138s) > Enter [It] triggers a PipelineRun - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:332 @ 05/02/26 05:08:38.526 PipelineRun has not been created yet for the component build-e2e-aljs/gl-test-custom-branch-dgjivf < Exit [It] triggers a PipelineRun - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:332 @ 05/02/26 05:08:58.728 (20.203s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:58.728 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:58.728 (0s) > Enter [It] should lead to a PaC init PR creation - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:347 @ 05/02/26 05:08:58.729 < Exit [It] should lead to a PaC init PR creation - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:347 @ 05/02/26 05:08:58.927 (198ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:58.928 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:58.928 (0s) > Enter [It] the PipelineRun should eventually finish successfully - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:365 @ 05/02/26 05:08:58.928 PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-x2tlk found for Component build-e2e-aljs/gl-test-custom-branch-dgjivf PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-x2tlk reason: ResolvingTaskRef PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-x2tlk reason: ResolvingTaskRef PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-x2tlk reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-x2tlk reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-x2tlk reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-x2tlk reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-x2tlk reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-x2tlk reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-x2tlk reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-x2tlk reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-x2tlk reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-x2tlk reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-x2tlk reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-x2tlk reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-x2tlk reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-x2tlk reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-x2tlk reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-x2tlk reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-x2tlk reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-x2tlk reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-x2tlk reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-x2tlk reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-x2tlk reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-x2tlk reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-x2tlk reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-x2tlk reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-x2tlk reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-x2tlk reason: Succeeded < Exit [It] the PipelineRun should eventually finish successfully - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:365 @ 05/02/26 05:17:59.063 (9m0.135s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:17:59.063 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:17:59.063 (0s) > Enter [It] image repo and robot account created successfully - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:371 @ 05/02/26 05:17:59.064 < Exit [It] image repo and robot account created successfully - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:371 @ 05/02/26 05:18:00.112 (1.048s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:18:00.112 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:18:00.112 (0s) > Enter [It] created image repo is public - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:390 @ 05/02/26 05:18:00.112 < Exit [It] created image repo is public - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:390 @ 05/02/26 05:18:00.388 (276ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:18:00.388 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:18:00.388 (0s) > Enter [It] image tag is updated successfully - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:396 @ 05/02/26 05:18:00.389 Image tag quay.io/redhat-appstudio-qe/build-e2e-aljs/gl-test-custom-branch-dgjivf:on-pr-ec87afe636f77514636d2bcf6f285d3727bc27a8 successfully found in Quay < Exit [It] image tag is updated successfully - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:396 @ 05/02/26 05:18:00.871 (482ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:18:00.871 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:18:00.871 (0s) > Enter [It] should ensure pruning labels are set - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:425 @ 05/02/26 05:18:00.871 < Exit [It] should ensure pruning labels are set - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:425 @ 05/02/26 05:18:01.486 (614ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:18:01.486 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:18:01.486 (0s) > Enter [It] eventually leads to the PipelineRun status report at Checks tab - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:439 @ 05/02/26 05:18:01.487 < Exit [It] eventually leads to the PipelineRun status report at Checks tab - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:439 @ 05/02/26 05:18:01.942 (455ms) > Enter [AfterAll] when a new Component with specified custom branch is created - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:324 @ 05/02/26 05:18:01.942 < Exit [AfterAll] when a new Component with specified custom branch is created - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:324 @ 05/02/26 05:18:02.091 (149ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:18:02.091 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:18:02.091 (0s) > Enter [BeforeAll] when the PaC init branch is updated - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:454 @ 05/02/26 05:18:02.092 created file sha: 1b86da3965526e1e874c536325044f64a8cf140b < Exit [BeforeAll] when the PaC init branch is updated - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:454 @ 05/02/26 05:18:02.885 (793ms) > Enter [It] eventually leads to triggering another PipelineRun - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:464 @ 05/02/26 05:18:02.885 PipelineRun has not been created yet for the component build-e2e-aljs/gl-test-custom-branch-dgjivf < Exit [It] eventually leads to triggering another PipelineRun - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:464 @ 05/02/26 05:18:23.087 (20.202s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:18:23.087 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:18:23.087 (0s) > Enter [It] should lead to a PaC init PR update - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:479 @ 05/02/26 05:18:23.088 < Exit [It] should lead to a PaC init PR update - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:479 @ 05/02/26 05:18:23.266 (178ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:18:23.266 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:18:23.266 (0s) > Enter [It] PipelineRun should eventually finish - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:498 @ 05/02/26 05:18:23.267 PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-xwb4p found for Component build-e2e-aljs/gl-test-custom-branch-dgjivf PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-xwb4p reason: ResolvingTaskRef PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-xwb4p reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-xwb4p reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-xwb4p reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-xwb4p reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-xwb4p reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-xwb4p reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-xwb4p reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-xwb4p reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-xwb4p reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-xwb4p reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-xwb4p reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-xwb4p reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-xwb4p reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-xwb4p reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-pull-request-xwb4p reason: Succeeded < Exit [It] PipelineRun should eventually finish - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:498 @ 05/02/26 05:23:23.409 (5m0.142s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:23:23.409 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:23:23.409 (0s) > Enter [It] eventually leads to another update of a PR about the PipelineRun status report at Checks tab - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:504 @ 05/02/26 05:23:23.41 < Exit [It] eventually leads to another update of a PR about the PipelineRun status report at Checks tab - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:504 @ 05/02/26 05:23:23.733 (324ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:23:23.734 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:23:23.734 (0s) > Enter [BeforeAll] when the PaC init branch is merged - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:520 @ 05/02/26 05:23:23.734 merged result sha: 96cf42d2baf2e53c1110d73e03b16dfdcc38aada < Exit [BeforeAll] when the PaC init branch is merged - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:520 @ 05/02/26 05:23:25.987 (2.253s) > Enter [It] eventually leads to triggering another PipelineRun - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:530 @ 05/02/26 05:23:25.987 PipelineRun has not been created yet for the component build-e2e-aljs/gl-test-custom-branch-dgjivf < Exit [It] eventually leads to triggering another PipelineRun - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:530 @ 05/02/26 05:23:46.19 (20.203s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:23:46.19 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:23:46.19 (0s) > Enter [It] pipelineRun should eventually finish - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:546 @ 05/02/26 05:23:46.19 PipelineRun gl-test-custom-branch-dgjivf-on-push-bc2qg found for Component build-e2e-aljs/gl-test-custom-branch-dgjivf PipelineRun gl-test-custom-branch-dgjivf-on-push-bc2qg reason: ResolvingTaskRef PipelineRun gl-test-custom-branch-dgjivf-on-push-bc2qg reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-push-bc2qg reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-push-bc2qg reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-push-bc2qg reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-push-bc2qg reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-push-bc2qg reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-push-bc2qg reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-push-bc2qg reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-push-bc2qg reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-push-bc2qg reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-push-bc2qg reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-push-bc2qg reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-push-bc2qg reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-push-bc2qg reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-push-bc2qg reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-push-bc2qg reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-push-bc2qg reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-push-bc2qg reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-push-bc2qg reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-push-bc2qg reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-push-bc2qg reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-push-bc2qg reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-push-bc2qg reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-push-bc2qg reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-push-bc2qg reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-push-bc2qg reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-push-bc2qg reason: Running PipelineRun gl-test-custom-branch-dgjivf-on-push-bc2qg reason: Succeeded < Exit [It] pipelineRun should eventually finish - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:546 @ 05/02/26 05:33:06.407 (9m20.217s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:33:06.407 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:33:06.407 (0s) > Enter [It] does not have expiration set - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:552 @ 05/02/26 05:33:06.408 < Exit [It] does not have expiration set - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:552 @ 05/02/26 05:33:06.736 (328ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:33:06.736 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:33:06.736 (0s) > Enter [It] After updating image visibility to private, it should not trigger another PipelineRun - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:564 @ 05/02/26 05:33:06.736 found pipelinerun: gl-test-custom-branch-dgjivf-on-push-bc2qg waiting for one minute and expecting to not trigger a PipelineRun < Exit [It] After updating image visibility to private, it should not trigger another PipelineRun - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:564 @ 05/02/26 05:35:15.316 (2m8.58s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:35:15.316 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:35:15.316 (0s) > Enter [It] image repo is updated to private - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:595 @ 05/02/26 05:35:15.317 < Exit [It] image repo is updated to private - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:595 @ 05/02/26 05:35:15.653 (336ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:35:15.653 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:35:15.654 (0s) > Enter [BeforeAll] when the component is removed - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:649 @ 05/02/26 05:35:15.655 < Exit [BeforeAll] when the component is removed - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:649 @ 05/02/26 05:35:23.188 (7.533s) > Enter [It] related image repo and robot accounts deleted - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:661 @ 05/02/26 05:35:23.188 < Exit [It] related image repo and robot accounts deleted - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:661 @ 05/02/26 05:35:29.731 (6.543s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:35:29.732 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:35:29.732 (0s) > Enter [It] purge PR is created successfully - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:679 @ 05/02/26 05:35:29.732 Found purge PR with id: 3 < Exit [It] purge PR is created successfully - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:679 @ 05/02/26 05:35:29.953 (220ms) > Enter [AfterAll] PaC component build - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:101 @ 05/02/26 05:35:29.953 < Exit [AfterAll] PaC component build - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:101 @ 05/02/26 05:35:38.565 (8.612s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:35:38.565 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:35:38.565 (0s) > Enter [BeforeAll] component update with renovate - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:72 @ 05/02/26 05:06:21.79 ReleaseAdmissionPlan data: {"Mapping":{"Components":[{"Name":"gl-multi-component-parent-oajh","Repository":"quay.io/redhat-appstudio-qe/release-repository"}]}} < Exit [BeforeAll] component update with renovate - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:72 @ 05/02/26 05:06:48.304 (26.514s) > Enter [It] creates component with nudges - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:235 @ 05/02/26 05:06:48.305 Image repository for component gl-multi-component-child-oajh in namespace build-e2e-blya do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. Image repository for component gl-multi-component-child-oajh in namespace build-e2e-blya do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. Image repository for component gl-multi-component-parent-oajh in namespace build-e2e-blya do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. < Exit [It] creates component with nudges - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:235 @ 05/02/26 05:07:22.056 (33.751s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:07:22.056 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:07:22.056 (0s) > Enter [It] triggers a PipelineRun for parent component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:259 @ 05/02/26 05:07:22.057 PipelineRun has not been created yet for the component build-e2e-blya/gl-multi-component-parent-oajh PipelineRun has not been created yet for the component build-e2e-blya/gl-multi-component-parent-oajh PipelineRun has not been created yet for the component build-e2e-blya/gl-multi-component-parent-oajh < Exit [It] triggers a PipelineRun for parent component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:259 @ 05/02/26 05:08:31.479 (1m9.422s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:08:31.479 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:08:31.479 (0s) > Enter [It] the PipelineRun should eventually finish successfully for parent component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:274 @ 05/02/26 05:08:31.479 PipelineRun gl-multi-component-parent-oajh-on-pull-request-b4f67 found for Component build-e2e-blya/gl-multi-component-parent-oajh PipelineRun gl-multi-component-parent-oajh-on-pull-request-b4f67 reason: ResolvingTaskRef PipelineRun gl-multi-component-parent-oajh-on-pull-request-b4f67 reason: ResolvingTaskRef PipelineRun gl-multi-component-parent-oajh-on-pull-request-b4f67 reason: Cancelled attempt 1/3: PipelineRun "gl-multi-component-parent-oajh-on-pull-request-b4f67" failed: pod: gl-multi-component-parent-oajh-on-pull-request-k49zc-init-pod | init container: prepare 2026/05/02 05:09:05 Entrypoint initialization pod: gl-multi-component-parent-oajh-on-pull-request-k49zc-init-pod | container step-init: time="2026-05-02T05:09:08Z" level=info msg="[param] enable: false" time="2026-05-02T05:09:08Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-05-02T05:09:08Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-05-02T05:09:08Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-05-02T05:09:08Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-05-02T05:09:08Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-05-02T05:09:08Z" level=info msg="Cache proxy is disabled via param" time="2026-05-02T05:09:08Z" level=info msg="[result] HTTP PROXY: " time="2026-05-02T05:09:08Z" level=info msg="[result] NO PROXY: " New PipelineRun gl-multi-component-parent-oajh-on-pull-request-jf87j found after retrigger for component build-e2e-blya/gl-multi-component-parent-oajh PipelineRun gl-multi-component-parent-oajh-on-pull-request-jf87j found for Component build-e2e-blya/gl-multi-component-parent-oajh PipelineRun gl-multi-component-parent-oajh-on-pull-request-jf87j reason: ResolvingTaskRef PipelineRun gl-multi-component-parent-oajh-on-pull-request-jf87j reason: ResolvingTaskRef PipelineRun gl-multi-component-parent-oajh-on-pull-request-jf87j reason: Running PipelineRun gl-multi-component-parent-oajh-on-pull-request-jf87j reason: Running PipelineRun gl-multi-component-parent-oajh-on-pull-request-jf87j reason: Running PipelineRun gl-multi-component-parent-oajh-on-pull-request-jf87j reason: Running PipelineRun gl-multi-component-parent-oajh-on-pull-request-jf87j reason: Running PipelineRun gl-multi-component-parent-oajh-on-pull-request-jf87j reason: Running PipelineRun gl-multi-component-parent-oajh-on-pull-request-jf87j reason: Running PipelineRun gl-multi-component-parent-oajh-on-pull-request-jf87j reason: Running PipelineRun gl-multi-component-parent-oajh-on-pull-request-jf87j reason: Running PipelineRun gl-multi-component-parent-oajh-on-pull-request-jf87j reason: Running PipelineRun gl-multi-component-parent-oajh-on-pull-request-jf87j reason: Running PipelineRun gl-multi-component-parent-oajh-on-pull-request-jf87j reason: Running PipelineRun gl-multi-component-parent-oajh-on-pull-request-jf87j reason: Running PipelineRun gl-multi-component-parent-oajh-on-pull-request-jf87j reason: Running PipelineRun gl-multi-component-parent-oajh-on-pull-request-jf87j reason: Running PipelineRun gl-multi-component-parent-oajh-on-pull-request-jf87j reason: Running PipelineRun gl-multi-component-parent-oajh-on-pull-request-jf87j reason: Running PipelineRun gl-multi-component-parent-oajh-on-pull-request-jf87j reason: Running PipelineRun gl-multi-component-parent-oajh-on-pull-request-jf87j reason: Running PipelineRun gl-multi-component-parent-oajh-on-pull-request-jf87j reason: Running PipelineRun gl-multi-component-parent-oajh-on-pull-request-jf87j reason: Running PipelineRun gl-multi-component-parent-oajh-on-pull-request-jf87j reason: Running PipelineRun gl-multi-component-parent-oajh-on-pull-request-jf87j reason: Running PipelineRun gl-multi-component-parent-oajh-on-pull-request-jf87j reason: Succeeded < Exit [It] the PipelineRun should eventually finish successfully for parent component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:274 @ 05/02/26 05:17:43.422 (9m11.942s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:17:43.422 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:17:43.422 (0s) > Enter [It] the PipelineRun should eventually finish successfully for child component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:285 @ 05/02/26 05:17:43.422 PipelineRun gl-multi-component-child-oajh-on-pull-request-s995m found for Component build-e2e-blya/gl-multi-component-child-oajh PipelineRun gl-multi-component-child-oajh-on-pull-request-s995m reason: Failed attempt 1/3: PipelineRun "gl-multi-component-child-oajh-on-pull-request-s995m" failed: pod: gl-multi-component-child-oajh-on-pull-request-s995m-init-pod | init container: prepare 2026/05/02 05:08:39 Entrypoint initialization pod: gl-multi-component-child-oajh-on-pull-request-s995m-init-pod | container step-init: time="2026-05-02T05:08:42Z" level=info msg="[param] enable: false" time="2026-05-02T05:08:42Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-05-02T05:08:42Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-05-02T05:08:42Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-05-02T05:08:42Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-05-02T05:08:42Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-05-02T05:08:42Z" level=info msg="Cache proxy is disabled via param" time="2026-05-02T05:08:42Z" level=info msg="[result] HTTP PROXY: " time="2026-05-02T05:08:42Z" level=info msg="[result] NO PROXY: " New PipelineRun gl-multi-component-child-oajh-on-pull-request-4ndgn found after retrigger for component build-e2e-blya/gl-multi-component-child-oajh PipelineRun gl-multi-component-child-oajh-on-pull-request-4ndgn found for Component build-e2e-blya/gl-multi-component-child-oajh PipelineRun gl-multi-component-child-oajh-on-pull-request-4ndgn reason: ResolvingTaskRef PipelineRun gl-multi-component-child-oajh-on-pull-request-4ndgn reason: Running PipelineRun gl-multi-component-child-oajh-on-pull-request-4ndgn reason: Running PipelineRun gl-multi-component-child-oajh-on-pull-request-4ndgn reason: Running PipelineRun gl-multi-component-child-oajh-on-pull-request-4ndgn reason: Running PipelineRun gl-multi-component-child-oajh-on-pull-request-4ndgn reason: Running PipelineRun gl-multi-component-child-oajh-on-pull-request-4ndgn reason: Running PipelineRun gl-multi-component-child-oajh-on-pull-request-4ndgn reason: Running PipelineRun gl-multi-component-child-oajh-on-pull-request-4ndgn reason: Running PipelineRun gl-multi-component-child-oajh-on-pull-request-4ndgn reason: Running PipelineRun gl-multi-component-child-oajh-on-pull-request-4ndgn reason: Running PipelineRun gl-multi-component-child-oajh-on-pull-request-4ndgn reason: Running PipelineRun gl-multi-component-child-oajh-on-pull-request-4ndgn reason: Running PipelineRun gl-multi-component-child-oajh-on-pull-request-4ndgn reason: Running PipelineRun gl-multi-component-child-oajh-on-pull-request-4ndgn reason: Succeeded < Exit [It] the PipelineRun should eventually finish successfully for child component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:285 @ 05/02/26 05:22:35.182 (4m51.76s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:22:35.182 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:22:35.182 (0s) > Enter [It] should lead to a PaC PR creation for child component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:289 @ 05/02/26 05:22:35.183 < Exit [It] should lead to a PaC PR creation for child component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:289 @ 05/02/26 05:22:35.384 (201ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:22:35.385 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:22:35.385 (0s) > Enter [It] Merging the PaC PR should be successful for child component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:307 @ 05/02/26 05:22:35.385 merged result sha: ebd1d1b0b6ee753c5aefed88779677de3f82466b for PR #1 < Exit [It] Merging the PaC PR should be successful for child component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:307 @ 05/02/26 05:22:37.303 (1.917s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:22:37.303 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:22:37.303 (0s) > Enter [It] create dockerfile and yaml manifest that references build and distribution repositories - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:318 @ 05/02/26 05:22:37.303 < Exit [It] create dockerfile and yaml manifest that references build and distribution repositories - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:318 @ 05/02/26 05:23:42.14 (1m4.837s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:23:42.141 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:23:42.141 (0s) > Enter [It] should lead to a PaC PR creation for parent component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:358 @ 05/02/26 05:23:42.141 < Exit [It] should lead to a PaC PR creation for parent component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:358 @ 05/02/26 05:23:42.354 (213ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:23:42.354 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:23:42.355 (0s) > Enter [It] Merging the PaC PR should be successful for parent component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:375 @ 05/02/26 05:23:42.355 merged result sha: 07e6a7d8ef62c0cfbd6b7900f4992f733bf1ab73 for PR #1 < Exit [It] Merging the PaC PR should be successful for parent component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:375 @ 05/02/26 05:23:44.432 (2.077s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:23:44.432 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:23:44.432 (0s) > Enter [It] PR merge triggers PAC PipelineRun for parent component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:385 @ 05/02/26 05:23:44.433 Push PipelineRun has not been created yet for the component build-e2e-blya/gl-multi-component-parent-oajh < Exit [It] PR merge triggers PAC PipelineRun for parent component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:385 @ 05/02/26 05:24:04.635 (20.203s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:24:04.636 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:24:04.636 (0s) > Enter [It] PAC PipelineRun for parent component is successful - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:401 @ 05/02/26 05:24:04.636 PipelineRun gl-multi-component-parent-oajh-on-push-gtt8x found for Component build-e2e-blya/gl-multi-component-parent-oajh PipelineRun gl-multi-component-parent-oajh-on-push-gtt8x reason: ResolvingTaskRef PipelineRun gl-multi-component-parent-oajh-on-push-gtt8x reason: Running PipelineRun gl-multi-component-parent-oajh-on-push-gtt8x reason: Running PipelineRun gl-multi-component-parent-oajh-on-push-gtt8x reason: Running PipelineRun gl-multi-component-parent-oajh-on-push-gtt8x reason: Running PipelineRun gl-multi-component-parent-oajh-on-push-gtt8x reason: Running PipelineRun gl-multi-component-parent-oajh-on-push-gtt8x reason: Running PipelineRun gl-multi-component-parent-oajh-on-push-gtt8x reason: Running PipelineRun gl-multi-component-parent-oajh-on-push-gtt8x reason: Running PipelineRun gl-multi-component-parent-oajh-on-push-gtt8x reason: Running PipelineRun gl-multi-component-parent-oajh-on-push-gtt8x reason: Running PipelineRun gl-multi-component-parent-oajh-on-push-gtt8x reason: Running PipelineRun gl-multi-component-parent-oajh-on-push-gtt8x reason: Running PipelineRun gl-multi-component-parent-oajh-on-push-gtt8x reason: Running PipelineRun gl-multi-component-parent-oajh-on-push-gtt8x reason: Running PipelineRun gl-multi-component-parent-oajh-on-push-gtt8x reason: Running PipelineRun gl-multi-component-parent-oajh-on-push-gtt8x reason: Running PipelineRun gl-multi-component-parent-oajh-on-push-gtt8x reason: Running PipelineRun gl-multi-component-parent-oajh-on-push-gtt8x reason: Running PipelineRun gl-multi-component-parent-oajh-on-push-gtt8x reason: Running PipelineRun gl-multi-component-parent-oajh-on-push-gtt8x reason: Running PipelineRun gl-multi-component-parent-oajh-on-push-gtt8x reason: Running PipelineRun gl-multi-component-parent-oajh-on-push-gtt8x reason: Running PipelineRun gl-multi-component-parent-oajh-on-push-gtt8x reason: Running PipelineRun gl-multi-component-parent-oajh-on-push-gtt8x reason: Running PipelineRun gl-multi-component-parent-oajh-on-push-gtt8x reason: Running PipelineRun gl-multi-component-parent-oajh-on-push-gtt8x reason: Running PipelineRun gl-multi-component-parent-oajh-on-push-gtt8x reason: Running PipelineRun gl-multi-component-parent-oajh-on-push-gtt8x reason: Succeeded < Exit [It] PAC PipelineRun for parent component is successful - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:401 @ 05/02/26 05:33:24.772 (9m20.135s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:33:24.772 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:33:24.772 (0s) > Enter [It] should lead to a nudge PR creation for child component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:412 @ 05/02/26 05:33:24.772 < Exit [It] should lead to a nudge PR creation for child component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:412 @ 05/02/26 05:41:41.253 (8m16.48s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:41:41.253 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:41:41.253 (0s) > Enter [It] merging the PR should be successful for child component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:429 @ 05/02/26 05:41:41.253 merged result sha: 29cb42cf207dd4be809dcad15867c98bfa606604 for PR #3 < Exit [It] merging the PR should be successful for child component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:429 @ 05/02/26 05:41:42.445 (1.191s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:41:42.445 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:41:42.445 (0s) > Enter [It] Verify the nudge updated the contents - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:440 @ 05/02/26 05:41:42.445 Verifying Dockerfile.tmp updated to sha sha256:525a21dc5b209b6627bb52cd560ed5a40ff20fada90c76ae18354b4309bc60dacontent: FROM quay.io/redhat-appstudio-qe/build-e2e-blya/gl-multi-component-parent-oajh@sha256:525a21dc5b209b6627bb52cd560ed5a40ff20fada90c76ae18354b4309bc60da RUN echo hello < Exit [It] Verify the nudge updated the contents - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:440 @ 05/02/26 05:41:42.818 (373ms) > Enter [AfterAll] component update with renovate - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:214 @ 05/02/26 05:41:42.818 < Exit [AfterAll] component update with renovate - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:214 @ 05/02/26 05:41:58.6 (15.782s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:41:58.6 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:41:58.6 (0s) > Enter [BeforeAll] component update with renovate - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:72 @ 05/02/26 05:06:21.79 ReleaseAdmissionPlan data: {"Mapping":{"Components":[{"Name":"gh-multi-component-parent-gjgt","Repository":"quay.io/redhat-appstudio-qe/release-repository"}]}} < Exit [BeforeAll] component update with renovate - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:72 @ 05/02/26 05:06:27.103 (5.313s) > Enter [It] creates component with nudges - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:235 @ 05/02/26 05:06:27.103 Image repository for component gh-multi-component-child-gjgt in namespace build-e2e-fqgo do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. Image repository for component gh-multi-component-child-gjgt in namespace build-e2e-fqgo do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. Image repository for component gh-multi-component-parent-gjgt in namespace build-e2e-fqgo do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. Image repository for component gh-multi-component-parent-gjgt in namespace build-e2e-fqgo do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. < Exit [It] creates component with nudges - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:235 @ 05/02/26 05:07:07.812 (40.709s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:07:07.813 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:07:07.813 (0s) > Enter [It] triggers a PipelineRun for parent component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:259 @ 05/02/26 05:07:07.813 PipelineRun has not been created yet for the component build-e2e-fqgo/gh-multi-component-parent-gjgt PipelineRun has not been created yet for the component build-e2e-fqgo/gh-multi-component-parent-gjgt PipelineRun has not been created yet for the component build-e2e-fqgo/gh-multi-component-parent-gjgt < Exit [It] triggers a PipelineRun for parent component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:259 @ 05/02/26 05:08:11.752 (1m3.939s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:08:11.753 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:08:11.753 (0s) > Enter [It] the PipelineRun should eventually finish successfully for parent component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:274 @ 05/02/26 05:08:11.753 PipelineRun gh-multi-component-parent-gjgt-on-pull-request-8lbkh found for Component build-e2e-fqgo/gh-multi-component-parent-gjgt PipelineRun gh-multi-component-parent-gjgt-on-pull-request-8lbkh reason: ResolvingTaskRef PipelineRun gh-multi-component-parent-gjgt-on-pull-request-8lbkh reason: Running PipelineRun gh-multi-component-parent-gjgt-on-pull-request-8lbkh reason: Running PipelineRun gh-multi-component-parent-gjgt-on-pull-request-8lbkh reason: Running PipelineRun gh-multi-component-parent-gjgt-on-pull-request-8lbkh reason: Running PipelineRun gh-multi-component-parent-gjgt-on-pull-request-8lbkh reason: Running PipelineRun gh-multi-component-parent-gjgt-on-pull-request-8lbkh reason: Running PipelineRun gh-multi-component-parent-gjgt-on-pull-request-8lbkh reason: Running PipelineRun gh-multi-component-parent-gjgt-on-pull-request-8lbkh reason: Running PipelineRun gh-multi-component-parent-gjgt-on-pull-request-8lbkh reason: Running PipelineRun gh-multi-component-parent-gjgt-on-pull-request-8lbkh reason: Running PipelineRun gh-multi-component-parent-gjgt-on-pull-request-8lbkh reason: Running PipelineRun gh-multi-component-parent-gjgt-on-pull-request-8lbkh reason: Running PipelineRun gh-multi-component-parent-gjgt-on-pull-request-8lbkh reason: Running PipelineRun gh-multi-component-parent-gjgt-on-pull-request-8lbkh reason: Running PipelineRun gh-multi-component-parent-gjgt-on-pull-request-8lbkh reason: Running PipelineRun gh-multi-component-parent-gjgt-on-pull-request-8lbkh reason: Running PipelineRun gh-multi-component-parent-gjgt-on-pull-request-8lbkh reason: Running PipelineRun gh-multi-component-parent-gjgt-on-pull-request-8lbkh reason: Running PipelineRun gh-multi-component-parent-gjgt-on-pull-request-8lbkh reason: Running PipelineRun gh-multi-component-parent-gjgt-on-pull-request-8lbkh reason: Running PipelineRun gh-multi-component-parent-gjgt-on-pull-request-8lbkh reason: Running PipelineRun gh-multi-component-parent-gjgt-on-pull-request-8lbkh reason: PipelineRunStopping PipelineRun gh-multi-component-parent-gjgt-on-pull-request-8lbkh reason: PipelineRunStopping PipelineRun gh-multi-component-parent-gjgt-on-pull-request-8lbkh reason: PipelineRunStopping PipelineRun gh-multi-component-parent-gjgt-on-pull-request-8lbkh reason: PipelineRunStopping PipelineRun gh-multi-component-parent-gjgt-on-pull-request-8lbkh reason: PipelineRunStopping PipelineRun gh-multi-component-parent-gjgt-on-pull-request-8lbkh reason: Failed attempt 1/3: PipelineRun "gh-multi-component-parent-gjgt-on-pull-request-8lbkh" failed: pod: gh-multi-component-parent-gjgt-on-pull-request-8lbkh-init-pod | init container: prepare 2026/05/02 05:08:28 Entrypoint initialization pod: gh-multi-component-parent-gjgt-on-pull-request-8lbkh-init-pod | container step-init: time="2026-05-02T05:08:31Z" level=info msg="[param] enable: false" time="2026-05-02T05:08:31Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-05-02T05:08:31Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-05-02T05:08:31Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-05-02T05:08:31Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-05-02T05:08:31Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-05-02T05:08:31Z" level=info msg="Cache proxy is disabled via param" time="2026-05-02T05:08:31Z" level=info msg="[result] HTTP PROXY: " time="2026-05-02T05:08:31Z" level=info msg="[result] NO PROXY: " New PipelineRun gh-multi-component-parent-gjgt-on-pull-request-6k25b found after retrigger for component build-e2e-fqgo/gh-multi-component-parent-gjgt PipelineRun gh-multi-component-parent-gjgt-on-pull-request-6k25b found for Component build-e2e-fqgo/gh-multi-component-parent-gjgt PipelineRun gh-multi-component-parent-gjgt-on-pull-request-6k25b reason: ResolvingTaskRef PipelineRun gh-multi-component-parent-gjgt-on-pull-request-6k25b reason: Running PipelineRun gh-multi-component-parent-gjgt-on-pull-request-6k25b reason: Running PipelineRun gh-multi-component-parent-gjgt-on-pull-request-6k25b reason: Running PipelineRun gh-multi-component-parent-gjgt-on-pull-request-6k25b reason: Running PipelineRun gh-multi-component-parent-gjgt-on-pull-request-6k25b reason: Running PipelineRun gh-multi-component-parent-gjgt-on-pull-request-6k25b reason: Running PipelineRun gh-multi-component-parent-gjgt-on-pull-request-6k25b reason: Running PipelineRun gh-multi-component-parent-gjgt-on-pull-request-6k25b reason: Running PipelineRun gh-multi-component-parent-gjgt-on-pull-request-6k25b reason: Running PipelineRun gh-multi-component-parent-gjgt-on-pull-request-6k25b reason: Running PipelineRun gh-multi-component-parent-gjgt-on-pull-request-6k25b reason: Running PipelineRun gh-multi-component-parent-gjgt-on-pull-request-6k25b reason: Running PipelineRun gh-multi-component-parent-gjgt-on-pull-request-6k25b reason: Running PipelineRun gh-multi-component-parent-gjgt-on-pull-request-6k25b reason: Succeeded < Exit [It] the PipelineRun should eventually finish successfully for parent component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:274 @ 05/02/26 05:22:03.577 (13m51.824s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:22:03.577 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:22:03.577 (0s) > Enter [It] the PipelineRun should eventually finish successfully for child component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:285 @ 05/02/26 05:22:03.578 PipelineRun gh-multi-component-child-gjgt-on-pull-request-x8pdz found for Component build-e2e-fqgo/gh-multi-component-child-gjgt PipelineRun gh-multi-component-child-gjgt-on-pull-request-x8pdz reason: Failed attempt 1/3: PipelineRun "gh-multi-component-child-gjgt-on-pull-request-x8pdz" failed: pod: gh-multi-component-child-gjgt-on-pull-request-x8pdz-init-pod | init container: prepare 2026/05/02 05:07:15 Entrypoint initialization pod: gh-multi-component-child-gjgt-on-pull-request-x8pdz-init-pod | container step-init: time="2026-05-02T05:07:41Z" level=info msg="[param] enable: false" time="2026-05-02T05:07:41Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-05-02T05:07:41Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-05-02T05:07:41Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-05-02T05:07:41Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-05-02T05:07:41Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-05-02T05:07:41Z" level=info msg="Cache proxy is disabled via param" time="2026-05-02T05:07:41Z" level=info msg="[result] HTTP PROXY: " time="2026-05-02T05:07:41Z" level=info msg="[result] NO PROXY: " New PipelineRun gh-multi-component-child-gjgt-on-pull-request-m7m4z found after retrigger for component build-e2e-fqgo/gh-multi-component-child-gjgt PipelineRun gh-multi-component-child-gjgt-on-pull-request-m7m4z found for Component build-e2e-fqgo/gh-multi-component-child-gjgt PipelineRun gh-multi-component-child-gjgt-on-pull-request-m7m4z reason: ResolvingTaskRef PipelineRun gh-multi-component-child-gjgt-on-pull-request-m7m4z reason: Running PipelineRun gh-multi-component-child-gjgt-on-pull-request-m7m4z reason: Running PipelineRun gh-multi-component-child-gjgt-on-pull-request-m7m4z reason: Running PipelineRun gh-multi-component-child-gjgt-on-pull-request-m7m4z reason: Running PipelineRun gh-multi-component-child-gjgt-on-pull-request-m7m4z reason: Running PipelineRun gh-multi-component-child-gjgt-on-pull-request-m7m4z reason: Running PipelineRun gh-multi-component-child-gjgt-on-pull-request-m7m4z reason: Running PipelineRun gh-multi-component-child-gjgt-on-pull-request-m7m4z reason: Running PipelineRun gh-multi-component-child-gjgt-on-pull-request-m7m4z reason: Running PipelineRun gh-multi-component-child-gjgt-on-pull-request-m7m4z reason: Running PipelineRun gh-multi-component-child-gjgt-on-pull-request-m7m4z reason: Running PipelineRun gh-multi-component-child-gjgt-on-pull-request-m7m4z reason: Running PipelineRun gh-multi-component-child-gjgt-on-pull-request-m7m4z reason: Running PipelineRun gh-multi-component-child-gjgt-on-pull-request-m7m4z reason: Running PipelineRun gh-multi-component-child-gjgt-on-pull-request-m7m4z reason: Running PipelineRun gh-multi-component-child-gjgt-on-pull-request-m7m4z reason: Running PipelineRun gh-multi-component-child-gjgt-on-pull-request-m7m4z reason: Running PipelineRun gh-multi-component-child-gjgt-on-pull-request-m7m4z reason: Succeeded < Exit [It] the PipelineRun should eventually finish successfully for child component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:285 @ 05/02/26 05:28:16.446 (6m12.868s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:28:16.446 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:28:16.446 (0s) > Enter [It] should lead to a PaC PR creation for child component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:289 @ 05/02/26 05:28:16.446 < Exit [It] should lead to a PaC PR creation for child component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:289 @ 05/02/26 05:28:16.689 (243ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:28:16.69 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:28:16.69 (0s) > Enter [It] Merging the PaC PR should be successful for child component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:307 @ 05/02/26 05:28:16.69 merged result sha: c2336c1f3ccedd65ac1b7f7e1938a92c20a8508e for PR #1 < Exit [It] Merging the PaC PR should be successful for child component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:307 @ 05/02/26 05:28:18.536 (1.846s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:28:18.536 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:28:18.536 (0s) > Enter [It] create dockerfile and yaml manifest that references build and distribution repositories - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:318 @ 05/02/26 05:28:18.536 < Exit [It] create dockerfile and yaml manifest that references build and distribution repositories - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:318 @ 05/02/26 05:28:23.217 (4.681s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:28:23.218 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:28:23.218 (0s) > Enter [It] should lead to a PaC PR creation for parent component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:358 @ 05/02/26 05:28:23.218 < Exit [It] should lead to a PaC PR creation for parent component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:358 @ 05/02/26 05:28:23.378 (160ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:28:23.378 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:28:23.378 (0s) > Enter [It] Merging the PaC PR should be successful for parent component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:375 @ 05/02/26 05:28:23.379 merged result sha: 25ec6eef41c6c29ace468795c2e55d4b14166ec6 for PR #1 < Exit [It] Merging the PaC PR should be successful for parent component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:375 @ 05/02/26 05:28:25.018 (1.639s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:28:25.018 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:28:25.018 (0s) > Enter [It] PR merge triggers PAC PipelineRun for parent component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:385 @ 05/02/26 05:28:25.019 Push PipelineRun has not been created yet for the component build-e2e-fqgo/gh-multi-component-parent-gjgt < Exit [It] PR merge triggers PAC PipelineRun for parent component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:385 @ 05/02/26 05:28:45.582 (20.563s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:28:45.582 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:28:45.582 (0s) > Enter [It] PAC PipelineRun for parent component is successful - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:401 @ 05/02/26 05:28:45.583 PipelineRun gh-multi-component-parent-gjgt-on-push-c5w9s found for Component build-e2e-fqgo/gh-multi-component-parent-gjgt PipelineRun gh-multi-component-parent-gjgt-on-push-c5w9s reason: ResolvingTaskRef PipelineRun gh-multi-component-parent-gjgt-on-push-c5w9s reason: ResolvingTaskRef PipelineRun gh-multi-component-parent-gjgt-on-push-c5w9s reason: Running PipelineRun gh-multi-component-parent-gjgt-on-push-c5w9s reason: Running PipelineRun gh-multi-component-parent-gjgt-on-push-c5w9s reason: Running PipelineRun gh-multi-component-parent-gjgt-on-push-c5w9s reason: Running PipelineRun gh-multi-component-parent-gjgt-on-push-c5w9s reason: Running PipelineRun gh-multi-component-parent-gjgt-on-push-c5w9s reason: Running PipelineRun gh-multi-component-parent-gjgt-on-push-c5w9s reason: Running PipelineRun gh-multi-component-parent-gjgt-on-push-c5w9s reason: Running PipelineRun gh-multi-component-parent-gjgt-on-push-c5w9s reason: Running PipelineRun gh-multi-component-parent-gjgt-on-push-c5w9s reason: Running PipelineRun gh-multi-component-parent-gjgt-on-push-c5w9s reason: Running PipelineRun gh-multi-component-parent-gjgt-on-push-c5w9s reason: Running PipelineRun gh-multi-component-parent-gjgt-on-push-c5w9s reason: Running PipelineRun gh-multi-component-parent-gjgt-on-push-c5w9s reason: Running PipelineRun gh-multi-component-parent-gjgt-on-push-c5w9s reason: Running PipelineRun gh-multi-component-parent-gjgt-on-push-c5w9s reason: Running PipelineRun gh-multi-component-parent-gjgt-on-push-c5w9s reason: Running PipelineRun gh-multi-component-parent-gjgt-on-push-c5w9s reason: Running PipelineRun gh-multi-component-parent-gjgt-on-push-c5w9s reason: Running PipelineRun gh-multi-component-parent-gjgt-on-push-c5w9s reason: Running PipelineRun gh-multi-component-parent-gjgt-on-push-c5w9s reason: Running PipelineRun gh-multi-component-parent-gjgt-on-push-c5w9s reason: Running PipelineRun gh-multi-component-parent-gjgt-on-push-c5w9s reason: Running PipelineRun gh-multi-component-parent-gjgt-on-push-c5w9s reason: Running PipelineRun gh-multi-component-parent-gjgt-on-push-c5w9s reason: Running PipelineRun gh-multi-component-parent-gjgt-on-push-c5w9s reason: Running PipelineRun has not been created yet for the Component build-e2e-fqgo/gh-multi-component-parent-gjgt PipelineRun has not been created yet for the Component build-e2e-fqgo/gh-multi-component-parent-gjgt PipelineRun has not been created yet for the Component build-e2e-fqgo/gh-multi-component-parent-gjgt PipelineRun has not been created yet for the Component build-e2e-fqgo/gh-multi-component-parent-gjgt PipelineRun has not been created yet for the Component build-e2e-fqgo/gh-multi-component-parent-gjgt PipelineRun has not been created yet for the Component build-e2e-fqgo/gh-multi-component-parent-gjgt PipelineRun has not been created yet for the Component build-e2e-fqgo/gh-multi-component-parent-gjgt PipelineRun has not been created yet for the Component build-e2e-fqgo/gh-multi-component-parent-gjgt PipelineRun gh-multi-component-parent-gjgt-on-push-c5w9s reason: Running PipelineRun gh-multi-component-parent-gjgt-on-push-c5w9s reason: Running PipelineRun gh-multi-component-parent-gjgt-on-push-c5w9s reason: Running PipelineRun gh-multi-component-parent-gjgt-on-push-c5w9s reason: Running PipelineRun gh-multi-component-parent-gjgt-on-push-c5w9s reason: Running PipelineRun gh-multi-component-parent-gjgt-on-push-c5w9s reason: Running PipelineRun gh-multi-component-parent-gjgt-on-push-c5w9s reason: Running PipelineRun gh-multi-component-parent-gjgt-on-push-c5w9s reason: Running PipelineRun gh-multi-component-parent-gjgt-on-push-c5w9s reason: Running PipelineRun gh-multi-component-parent-gjgt-on-push-c5w9s reason: Running PipelineRun gh-multi-component-parent-gjgt-on-push-c5w9s reason: Running PipelineRun gh-multi-component-parent-gjgt-on-push-c5w9s reason: Running PipelineRun gh-multi-component-parent-gjgt-on-push-c5w9s reason: Succeeded < Exit [It] PAC PipelineRun for parent component is successful - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:401 @ 05/02/26 05:44:46.271 (16m0.689s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:44:46.271 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:44:46.272 (0s) > Enter [It] should lead to a nudge PR creation for child component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:412 @ 05/02/26 05:44:46.272 < Exit [It] should lead to a nudge PR creation for child component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:412 @ 05/02/26 05:45:06.756 (20.484s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:45:06.757 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:45:06.757 (0s) > Enter [It] merging the PR should be successful for child component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:429 @ 05/02/26 05:45:06.757 merged result sha: 042b5b202bfb89efb6d19fc1f4c15a42f9ec88a0 for PR #3 < Exit [It] merging the PR should be successful for child component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:429 @ 05/02/26 05:45:08.2 (1.442s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:45:08.2 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:45:08.2 (0s) > Enter [It] Verify the nudge updated the contents - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:440 @ 05/02/26 05:45:08.2 Verifying Dockerfile.tmp updated to sha sha256:e38a91b5c3fdcb1375cb53d3bd0ef0b688014a4eded127a50eb10146884b6ba0content: FROM quay.io/redhat-appstudio-qe/build-e2e-fqgo/gh-multi-component-parent-gjgt@sha256:e38a91b5c3fdcb1375cb53d3bd0ef0b688014a4eded127a50eb10146884b6ba0 RUN echo hello < Exit [It] Verify the nudge updated the contents - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:440 @ 05/02/26 05:45:08.349 (149ms) > Enter [AfterAll] component update with renovate - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:214 @ 05/02/26 05:45:08.349 < Exit [AfterAll] component update with renovate - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:214 @ 05/02/26 05:45:20.857 (12.507s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:45:20.857 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:45:20.857 (0s) > Enter [BeforeAll] component update with renovate - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:72 @ 05/02/26 05:06:21.789 ReleaseAdmissionPlan data: {"Mapping":{"Components":[{"Name":"fj-multi-component-parent-byxd","Repository":"quay.io/redhat-appstudio-qe/release-repository"}]}} < Exit [BeforeAll] component update with renovate - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:72 @ 05/02/26 05:06:31.19 (9.401s) > Enter [It] creates component with nudges - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:235 @ 05/02/26 05:06:31.19 Image repository for component fj-multi-component-child-byxd in namespace build-e2e-grnp do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. Image repository for component fj-multi-component-child-byxd in namespace build-e2e-grnp do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. Image repository for component fj-multi-component-parent-byxd in namespace build-e2e-grnp do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. Image repository for component fj-multi-component-parent-byxd in namespace build-e2e-grnp do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. < Exit [It] creates component with nudges - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:235 @ 05/02/26 05:07:11.467 (40.277s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:07:11.467 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:07:11.467 (0s) > Enter [It] triggers a PipelineRun for parent component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:259 @ 05/02/26 05:07:11.468 PipelineRun has not been created yet for the component build-e2e-grnp/fj-multi-component-parent-byxd PipelineRun has not been created yet for the component build-e2e-grnp/fj-multi-component-parent-byxd PipelineRun has not been created yet for the component build-e2e-grnp/fj-multi-component-parent-byxd < Exit [It] triggers a PipelineRun for parent component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:259 @ 05/02/26 05:08:32.094 (1m20.627s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:08:32.095 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:08:32.095 (0s) > Enter [It] the PipelineRun should eventually finish successfully for parent component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:274 @ 05/02/26 05:08:32.095 PipelineRun fj-multi-component-parent-byxd-on-pull-request-wpcb4 found for Component build-e2e-grnp/fj-multi-component-parent-byxd PipelineRun fj-multi-component-parent-byxd-on-pull-request-wpcb4 reason: ResolvingTaskRef PipelineRun fj-multi-component-parent-byxd-on-pull-request-wpcb4 reason: Running PipelineRun fj-multi-component-parent-byxd-on-pull-request-wpcb4 reason: Running PipelineRun fj-multi-component-parent-byxd-on-pull-request-wpcb4 reason: Running PipelineRun fj-multi-component-parent-byxd-on-pull-request-wpcb4 reason: Running PipelineRun fj-multi-component-parent-byxd-on-pull-request-wpcb4 reason: Running PipelineRun fj-multi-component-parent-byxd-on-pull-request-wpcb4 reason: Running PipelineRun fj-multi-component-parent-byxd-on-pull-request-wpcb4 reason: Running PipelineRun fj-multi-component-parent-byxd-on-pull-request-wpcb4 reason: Running PipelineRun fj-multi-component-parent-byxd-on-pull-request-wpcb4 reason: Running PipelineRun fj-multi-component-parent-byxd-on-pull-request-wpcb4 reason: Running PipelineRun fj-multi-component-parent-byxd-on-pull-request-wpcb4 reason: Running PipelineRun fj-multi-component-parent-byxd-on-pull-request-wpcb4 reason: Running PipelineRun fj-multi-component-parent-byxd-on-pull-request-wpcb4 reason: Running PipelineRun fj-multi-component-parent-byxd-on-pull-request-wpcb4 reason: Running PipelineRun fj-multi-component-parent-byxd-on-pull-request-wpcb4 reason: Running PipelineRun fj-multi-component-parent-byxd-on-pull-request-wpcb4 reason: Running PipelineRun fj-multi-component-parent-byxd-on-pull-request-wpcb4 reason: Running PipelineRun fj-multi-component-parent-byxd-on-pull-request-wpcb4 reason: Running PipelineRun fj-multi-component-parent-byxd-on-pull-request-wpcb4 reason: Running PipelineRun fj-multi-component-parent-byxd-on-pull-request-wpcb4 reason: Running PipelineRun fj-multi-component-parent-byxd-on-pull-request-wpcb4 reason: PipelineRunStopping PipelineRun fj-multi-component-parent-byxd-on-pull-request-wpcb4 reason: PipelineRunStopping PipelineRun fj-multi-component-parent-byxd-on-pull-request-wpcb4 reason: PipelineRunStopping PipelineRun fj-multi-component-parent-byxd-on-pull-request-wpcb4 reason: PipelineRunStopping PipelineRun fj-multi-component-parent-byxd-on-pull-request-wpcb4 reason: Failed attempt 1/3: PipelineRun "fj-multi-component-parent-byxd-on-pull-request-wpcb4" failed: pod: fj-multi-component-parent-byxd-on-pull-request-wpcb4-init-pod | init container: prepare 2026/05/02 05:08:52 Entrypoint initialization pod: fj-multi-component-parent-byxd-on-pull-request-wpcb4-init-pod | container step-init: time="2026-05-02T05:08:55Z" level=info msg="[param] enable: false" time="2026-05-02T05:08:55Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-05-02T05:08:55Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-05-02T05:08:55Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-05-02T05:08:55Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-05-02T05:08:55Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-05-02T05:08:55Z" level=info msg="Cache proxy is disabled via param" time="2026-05-02T05:08:55Z" level=info msg="[result] HTTP PROXY: " time="2026-05-02T05:08:55Z" level=info msg="[result] NO PROXY: " New PipelineRun fj-multi-component-parent-byxd-on-pull-request-vz7dw found after retrigger for component build-e2e-grnp/fj-multi-component-parent-byxd PipelineRun fj-multi-component-parent-byxd-on-pull-request-vz7dw found for Component build-e2e-grnp/fj-multi-component-parent-byxd PipelineRun fj-multi-component-parent-byxd-on-pull-request-vz7dw reason: ResolvingTaskRef PipelineRun fj-multi-component-parent-byxd-on-pull-request-vz7dw reason: Running PipelineRun fj-multi-component-parent-byxd-on-pull-request-vz7dw reason: Running PipelineRun fj-multi-component-parent-byxd-on-pull-request-vz7dw reason: Running PipelineRun fj-multi-component-parent-byxd-on-pull-request-vz7dw reason: Running PipelineRun fj-multi-component-parent-byxd-on-pull-request-vz7dw reason: Running PipelineRun fj-multi-component-parent-byxd-on-pull-request-vz7dw reason: Running PipelineRun fj-multi-component-parent-byxd-on-pull-request-vz7dw reason: Running PipelineRun fj-multi-component-parent-byxd-on-pull-request-vz7dw reason: Running PipelineRun fj-multi-component-parent-byxd-on-pull-request-vz7dw reason: Running PipelineRun fj-multi-component-parent-byxd-on-pull-request-vz7dw reason: Running PipelineRun fj-multi-component-parent-byxd-on-pull-request-vz7dw reason: Running PipelineRun fj-multi-component-parent-byxd-on-pull-request-vz7dw reason: Running PipelineRun fj-multi-component-parent-byxd-on-pull-request-vz7dw reason: Running PipelineRun fj-multi-component-parent-byxd-on-pull-request-vz7dw reason: Succeeded < Exit [It] the PipelineRun should eventually finish successfully for parent component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:274 @ 05/02/26 05:21:45.195 (13m13.1s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:21:45.195 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:21:45.195 (0s) > Enter [It] the PipelineRun should eventually finish successfully for child component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:285 @ 05/02/26 05:21:45.196 PipelineRun fj-multi-component-child-byxd-on-pull-request-7nqpn found for Component build-e2e-grnp/fj-multi-component-child-byxd PipelineRun fj-multi-component-child-byxd-on-pull-request-7nqpn reason: Failed attempt 1/3: PipelineRun "fj-multi-component-child-byxd-on-pull-request-7nqpn" failed: pod: fj-multi-component-child-byxd-on-pull-request-7nqpn-init-pod | init container: prepare 2026/05/02 05:07:51 Entrypoint initialization pod: fj-multi-component-child-byxd-on-pull-request-7nqpn-init-pod | container step-init: time="2026-05-02T05:07:53Z" level=info msg="[param] enable: false" time="2026-05-02T05:07:53Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-05-02T05:07:53Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-05-02T05:07:53Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-05-02T05:07:53Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-05-02T05:07:53Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-05-02T05:07:53Z" level=info msg="Cache proxy is disabled via param" time="2026-05-02T05:07:53Z" level=info msg="[result] HTTP PROXY: " time="2026-05-02T05:07:53Z" level=info msg="[result] NO PROXY: " New PipelineRun fj-multi-component-child-byxd-on-pull-request-blv7g found after retrigger for component build-e2e-grnp/fj-multi-component-child-byxd PipelineRun fj-multi-component-child-byxd-on-pull-request-blv7g found for Component build-e2e-grnp/fj-multi-component-child-byxd PipelineRun fj-multi-component-child-byxd-on-pull-request-blv7g reason: ResolvingTaskRef PipelineRun fj-multi-component-child-byxd-on-pull-request-blv7g reason: Running PipelineRun fj-multi-component-child-byxd-on-pull-request-blv7g reason: Running PipelineRun fj-multi-component-child-byxd-on-pull-request-blv7g reason: Running PipelineRun fj-multi-component-child-byxd-on-pull-request-blv7g reason: Running PipelineRun fj-multi-component-child-byxd-on-pull-request-blv7g reason: Running PipelineRun fj-multi-component-child-byxd-on-pull-request-blv7g reason: Running PipelineRun fj-multi-component-child-byxd-on-pull-request-blv7g reason: Running PipelineRun fj-multi-component-child-byxd-on-pull-request-blv7g reason: Running PipelineRun fj-multi-component-child-byxd-on-pull-request-blv7g reason: Running PipelineRun fj-multi-component-child-byxd-on-pull-request-blv7g reason: Running PipelineRun fj-multi-component-child-byxd-on-pull-request-blv7g reason: Running PipelineRun fj-multi-component-child-byxd-on-pull-request-blv7g reason: Running PipelineRun fj-multi-component-child-byxd-on-pull-request-blv7g reason: Running PipelineRun fj-multi-component-child-byxd-on-pull-request-blv7g reason: Running PipelineRun fj-multi-component-child-byxd-on-pull-request-blv7g reason: Running PipelineRun fj-multi-component-child-byxd-on-pull-request-blv7g reason: Running PipelineRun fj-multi-component-child-byxd-on-pull-request-blv7g reason: Succeeded < Exit [It] the PipelineRun should eventually finish successfully for child component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:285 @ 05/02/26 05:27:38.261 (5m53.065s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:27:38.261 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:27:38.262 (0s) > Enter [It] should lead to a PaC PR creation for child component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:289 @ 05/02/26 05:27:38.262 < Exit [It] should lead to a PaC PR creation for child component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:289 @ 05/02/26 05:27:38.749 (487ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:27:38.749 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:27:38.749 (0s) > Enter [It] Merging the PaC PR should be successful for child component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:307 @ 05/02/26 05:27:38.75 merged result sha: 83d902c999294dda721a0e271fa2022f73aaed48 for PR #1 < Exit [It] Merging the PaC PR should be successful for child component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:307 @ 05/02/26 05:27:41.076 (2.326s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:27:41.076 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:27:41.076 (0s) > Enter [It] create dockerfile and yaml manifest that references build and distribution repositories - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:318 @ 05/02/26 05:27:41.077 < Exit [It] create dockerfile and yaml manifest that references build and distribution repositories - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:318 @ 05/02/26 05:27:49.741 (8.664s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:27:49.741 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:27:49.741 (0s) > Enter [It] should lead to a PaC PR creation for parent component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:358 @ 05/02/26 05:27:49.742 < Exit [It] should lead to a PaC PR creation for parent component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:358 @ 05/02/26 05:27:49.945 (203ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:27:49.945 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:27:49.945 (0s) > Enter [It] Merging the PaC PR should be successful for parent component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:375 @ 05/02/26 05:27:49.946 merged result sha: 1a0457c33a4eddbf216cdc525b50a884b2a5fa14 for PR #1 < Exit [It] Merging the PaC PR should be successful for parent component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:375 @ 05/02/26 05:27:52.317 (2.371s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:27:52.318 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:27:52.318 (0s) > Enter [It] PR merge triggers PAC PipelineRun for parent component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:385 @ 05/02/26 05:27:52.318 Push PipelineRun has not been created yet for the component build-e2e-grnp/fj-multi-component-parent-byxd < Exit [It] PR merge triggers PAC PipelineRun for parent component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:385 @ 05/02/26 05:28:12.641 (20.323s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:28:12.641 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:28:12.641 (0s) > Enter [It] PAC PipelineRun for parent component is successful - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:401 @ 05/02/26 05:28:12.642 PipelineRun fj-multi-component-parent-byxd-on-push-726j9 found for Component build-e2e-grnp/fj-multi-component-parent-byxd PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: ResolvingTaskRef PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: Running PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: Running PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: Running PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: Running PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: Running PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: Running PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: Running PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: Running PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: Running PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: Running PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: Running PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: Running PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: Running PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: Running PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: Running PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: Running PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: Running PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: Running PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: Running PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: Running PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: Running PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: Running PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: Running PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: Running PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: Running PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: Running PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: Running PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: Running PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: Running PipelineRun has not been created yet for the Component build-e2e-grnp/fj-multi-component-parent-byxd PipelineRun has not been created yet for the Component build-e2e-grnp/fj-multi-component-parent-byxd PipelineRun has not been created yet for the Component build-e2e-grnp/fj-multi-component-parent-byxd PipelineRun has not been created yet for the Component build-e2e-grnp/fj-multi-component-parent-byxd PipelineRun has not been created yet for the Component build-e2e-grnp/fj-multi-component-parent-byxd PipelineRun has not been created yet for the Component build-e2e-grnp/fj-multi-component-parent-byxd PipelineRun has not been created yet for the Component build-e2e-grnp/fj-multi-component-parent-byxd PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: Running PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: Running PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: Running PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: Running PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: Running PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: Running PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: Running PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: Running PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: Running PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: Running PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: Running PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: Running PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: Running PipelineRun fj-multi-component-parent-byxd-on-push-726j9 reason: Succeeded < Exit [It] PAC PipelineRun for parent component is successful - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:401 @ 05/02/26 05:45:12.776 (17m0.134s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:45:12.776 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:45:12.776 (0s) > Enter [It] should lead to a nudge PR creation for child component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:412 @ 05/02/26 05:45:12.777 < Exit [It] should lead to a nudge PR creation for child component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:412 @ 05/02/26 05:45:33.527 (20.75s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:45:33.527 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:45:33.527 (0s) > Enter [It] merging the PR should be successful for child component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:429 @ 05/02/26 05:45:33.527 merged result sha: b632e70ac61d643a40df382bb4c528302864c8e9 for PR #3 < Exit [It] merging the PR should be successful for child component - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:429 @ 05/02/26 05:45:35.759 (2.232s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:45:35.759 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:45:35.759 (0s) > Enter [It] Verify the nudge updated the contents - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:440 @ 05/02/26 05:45:35.76 Verifying Dockerfile.tmp updated to sha sha256:1f404e5d9519b2da548023d8943261589e8df2291c4a460a45291b2897394cabcontent: FROM quay.io/redhat-appstudio-qe/build-e2e-grnp/fj-multi-component-parent-byxd@sha256:1f404e5d9519b2da548023d8943261589e8df2291c4a460a45291b2897394cab RUN echo hello < Exit [It] Verify the nudge updated the contents - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:440 @ 05/02/26 05:45:36.146 (386ms) > Enter [AfterAll] component update with renovate - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:214 @ 05/02/26 05:45:36.146 < Exit [AfterAll] component update with renovate - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:214 @ 05/02/26 05:45:55.583 (19.437s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:45:55.583 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/renovate.go:28 @ 05/02/26 05:45:55.583 (0s) > Enter [BeforeAll] PaC component build - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:54 @ 05/02/26 05:06:21.685 < Exit [BeforeAll] PaC component build - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:54 @ 05/02/26 05:06:26.142 (4.457s) > Enter [BeforeAll] when a new component without specified branch is created and with visibility private - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:117 @ 05/02/26 05:06:26.142 Image repository for component gh-test-custom-default-rgxwxn in namespace build-e2e-gfsr do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. Image repository for component gh-test-custom-default-rgxwxn in namespace build-e2e-gfsr do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. < Exit [BeforeAll] when a new component without specified branch is created and with visibility private - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:117 @ 05/02/26 05:06:46.282 (20.14s) > Enter [It] correctly targets the default branch (that is not named 'main') with PaC - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:136 @ 05/02/26 05:06:46.282 < Exit [It] correctly targets the default branch (that is not named 'main') with PaC - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:136 @ 05/02/26 05:07:53.063 (1m6.781s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:07:53.063 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:07:53.063 (0s) > Enter [It] workspace parameter is set correctly in PaC repository CR - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:153 @ 05/02/26 05:07:53.064 < Exit [It] workspace parameter is set correctly in PaC repository CR - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:153 @ 05/02/26 05:07:53.197 (133ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:07:53.197 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:07:53.197 (0s) > Enter [It] triggers a PipelineRun - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:176 @ 05/02/26 05:07:53.198 < Exit [It] triggers a PipelineRun - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:176 @ 05/02/26 05:08:13.466 (20.268s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:13.466 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:13.466 (0s) > Enter [It] build pipeline uses the correct serviceAccount - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:191 @ 05/02/26 05:08:13.467 < Exit [It] build pipeline uses the correct serviceAccount - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:191 @ 05/02/26 05:08:13.467 (0s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:13.467 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:13.467 (0s) > Enter [It] component build status is set correctly - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:195 @ 05/02/26 05:08:13.468 build status annotation value: {"pac":{"state":"enabled","merge-url":"https://github.com/redhat-appstudio-qe/devfile-sample-hello-world-yfhepj/pull/1","configuration-time":"Sat, 02 May 2026 05:07:48 UTC"},"message":"done"} state: enabled mergeUrl: https://github.com/redhat-appstudio-qe/devfile-sample-hello-world-yfhepj/pull/1 errId: 0 errMessage: configurationTime: Sat, 02 May 2026 05:07:48 UTC < Exit [It] component build status is set correctly - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:195 @ 05/02/26 05:08:13.556 (88ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:13.556 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:13.556 (0s) > Enter [It] image repo and robot account created successfully - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:225 @ 05/02/26 05:08:13.557 < Exit [It] image repo and robot account created successfully - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:225 @ 05/02/26 05:08:14.549 (992ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:14.549 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:14.549 (0s) > Enter [It] created image repo is private - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:243 @ 05/02/26 05:08:14.549 < Exit [It] created image repo is private - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:243 @ 05/02/26 05:08:14.855 (306ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:14.856 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:14.856 (0s) > Enter [It] a related PipelineRun should be deleted after deleting the component - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:249 @ 05/02/26 05:08:14.856 < Exit [It] a related PipelineRun should be deleted after deleting the component - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:249 @ 05/02/26 05:08:40.82 (25.963s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:40.82 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:40.82 (0s) > Enter [It] PR branch should not exist in the repo - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:265 @ 05/02/26 05:08:40.82 < Exit [It] PR branch should not exist in the repo - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:265 @ 05/02/26 05:08:40.978 (157ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:40.978 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:40.978 (0s) > Enter [It] related image repo and the robot account should be deleted after deleting the component - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:278 @ 05/02/26 05:08:40.979 < Exit [It] related image repo and the robot account should be deleted after deleting the component - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:278 @ 05/02/26 05:08:42.452 (1.474s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:42.452 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:08:42.453 (0s) > Enter [BeforeAll] when a new Component with specified custom branch is created - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:306 @ 05/02/26 05:08:42.453 Image repository for component gh-test-custom-branch-wtuska in namespace build-e2e-gfsr do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. < Exit [BeforeAll] when a new Component with specified custom branch is created - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:306 @ 05/02/26 05:08:53.174 (10.721s) > Enter [It] triggers a PipelineRun - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:332 @ 05/02/26 05:08:53.174 PipelineRun has not been created yet for the component build-e2e-gfsr/gh-test-custom-branch-wtuska < Exit [It] triggers a PipelineRun - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:332 @ 05/02/26 05:09:13.374 (20.2s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:09:13.374 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:09:13.374 (0s) > Enter [It] should lead to a PaC init PR creation - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:347 @ 05/02/26 05:09:13.375 < Exit [It] should lead to a PaC init PR creation - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:347 @ 05/02/26 05:09:13.624 (249ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:09:13.624 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:09:13.624 (0s) > Enter [It] the PipelineRun should eventually finish successfully - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:365 @ 05/02/26 05:09:13.624 PipelineRun gh-test-custom-branch-wtuska-on-pull-request-p2948 found for Component build-e2e-gfsr/gh-test-custom-branch-wtuska PipelineRun gh-test-custom-branch-wtuska-on-pull-request-p2948 reason: ResolvingTaskRef PipelineRun gh-test-custom-branch-wtuska-on-pull-request-p2948 reason: ResolvingTaskRef PipelineRun gh-test-custom-branch-wtuska-on-pull-request-p2948 reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-p2948 reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-p2948 reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-p2948 reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-p2948 reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-p2948 reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-p2948 reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-p2948 reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-p2948 reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-p2948 reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-p2948 reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-p2948 reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-p2948 reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-p2948 reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-p2948 reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-p2948 reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-p2948 reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-p2948 reason: Failed attempt 1/3: PipelineRun "gh-test-custom-branch-wtuska-on-pull-request-p2948" failed: pod: gh-test-custom-branch-wtuska-on-pull-request-p2948-init-pod | init container: prepare 2026/05/02 05:09:45 Entrypoint initialization pod: gh-test-custom-branch-wtuska-on-pull-request-p2948-init-pod | container step-init: time="2026-05-02T05:09:47Z" level=info msg="[param] enable: false" time="2026-05-02T05:09:47Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-05-02T05:09:47Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-05-02T05:09:47Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-05-02T05:09:47Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-05-02T05:09:47Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-05-02T05:09:47Z" level=info msg="Cache proxy is disabled via param" time="2026-05-02T05:09:47Z" level=info msg="[result] HTTP PROXY: " time="2026-05-02T05:09:47Z" level=info msg="[result] NO PROXY: " New PipelineRun gh-test-custom-branch-wtuska-on-pull-request-tg9nv found after retrigger for component build-e2e-gfsr/gh-test-custom-branch-wtuska PipelineRun gh-test-custom-branch-wtuska-on-pull-request-tg9nv found for Component build-e2e-gfsr/gh-test-custom-branch-wtuska PipelineRun gh-test-custom-branch-wtuska-on-pull-request-tg9nv reason: ResolvingTaskRef PipelineRun gh-test-custom-branch-wtuska-on-pull-request-tg9nv reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-tg9nv reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-tg9nv reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-tg9nv reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-tg9nv reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-tg9nv reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-tg9nv reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-tg9nv reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-tg9nv reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-tg9nv reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-tg9nv reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-tg9nv reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-tg9nv reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-tg9nv reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-tg9nv reason: Succeeded < Exit [It] the PipelineRun should eventually finish successfully - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:365 @ 05/02/26 05:20:45.277 (11m31.653s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:20:45.277 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:20:45.277 (0s) > Enter [It] image repo and robot account created successfully - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:371 @ 05/02/26 05:20:45.278 < Exit [It] image repo and robot account created successfully - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:371 @ 05/02/26 05:20:46.328 (1.05s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:20:46.328 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:20:46.328 (0s) > Enter [It] created image repo is public - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:390 @ 05/02/26 05:20:46.329 < Exit [It] created image repo is public - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:390 @ 05/02/26 05:20:46.618 (289ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:20:46.618 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:20:46.618 (0s) > Enter [It] image tag is updated successfully - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:396 @ 05/02/26 05:20:46.619 Image tag quay.io/redhat-appstudio-qe/build-e2e-gfsr/gh-test-custom-branch-wtuska:on-pr-5e62844f9d8a0616b9b3e66c920ddfbd41f08d66 successfully found in Quay < Exit [It] image tag is updated successfully - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:396 @ 05/02/26 05:20:47.207 (588ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:20:47.207 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:20:47.207 (0s) > Enter [It] should ensure pruning labels are set - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:425 @ 05/02/26 05:20:47.208 < Exit [It] should ensure pruning labels are set - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:425 @ 05/02/26 05:20:47.756 (548ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:20:47.756 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:20:47.756 (0s) > Enter [It] eventually leads to the PipelineRun status report at Checks tab - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:439 @ 05/02/26 05:20:47.757 < Exit [It] eventually leads to the PipelineRun status report at Checks tab - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:439 @ 05/02/26 05:20:48.181 (424ms) > Enter [AfterAll] when a new Component with specified custom branch is created - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:324 @ 05/02/26 05:20:48.181 < Exit [AfterAll] when a new Component with specified custom branch is created - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:324 @ 05/02/26 05:20:48.248 (66ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:20:48.248 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:20:48.248 (0s) > Enter [BeforeAll] when the PaC init branch is updated - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:454 @ 05/02/26 05:20:48.248 created file sha: a42d6fc88c22ecec68ff52e50972cdf4cb5d37a9 < Exit [BeforeAll] when the PaC init branch is updated - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:454 @ 05/02/26 05:20:48.743 (495ms) > Enter [It] eventually leads to triggering another PipelineRun - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:464 @ 05/02/26 05:20:48.744 PipelineRun has not been created yet for the component build-e2e-gfsr/gh-test-custom-branch-wtuska < Exit [It] eventually leads to triggering another PipelineRun - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:464 @ 05/02/26 05:21:09.044 (20.301s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:21:09.044 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:21:09.044 (0s) > Enter [It] should lead to a PaC init PR update - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:479 @ 05/02/26 05:21:09.045 < Exit [It] should lead to a PaC init PR update - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:479 @ 05/02/26 05:21:09.241 (196ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:21:09.241 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:21:09.241 (0s) > Enter [It] PipelineRun should eventually finish - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:498 @ 05/02/26 05:21:09.241 PipelineRun gh-test-custom-branch-wtuska-on-pull-request-mffm2 found for Component build-e2e-gfsr/gh-test-custom-branch-wtuska PipelineRun gh-test-custom-branch-wtuska-on-pull-request-mffm2 reason: ResolvingTaskRef PipelineRun gh-test-custom-branch-wtuska-on-pull-request-mffm2 reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-mffm2 reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-mffm2 reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-mffm2 reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-mffm2 reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-mffm2 reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-mffm2 reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-mffm2 reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-mffm2 reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-mffm2 reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-mffm2 reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-mffm2 reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-mffm2 reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-mffm2 reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-mffm2 reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-mffm2 reason: Running PipelineRun gh-test-custom-branch-wtuska-on-pull-request-mffm2 reason: Succeeded < Exit [It] PipelineRun should eventually finish - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:498 @ 05/02/26 05:26:49.627 (5m40.386s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:26:49.627 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:26:49.627 (0s) > Enter [It] eventually leads to another update of a PR about the PipelineRun status report at Checks tab - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:504 @ 05/02/26 05:26:49.628 expecting CheckRun status completed, got: in_progress < Exit [It] eventually leads to another update of a PR about the PipelineRun status report at Checks tab - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:504 @ 05/02/26 05:26:51.014 (1.386s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:26:51.014 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:26:51.014 (0s) > Enter [BeforeAll] when the PaC init branch is merged - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:520 @ 05/02/26 05:26:51.015 merged result sha: 70724eb8af44230cda044f2a59c0ab0c9256ca41 < Exit [BeforeAll] when the PaC init branch is merged - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:520 @ 05/02/26 05:26:52.566 (1.551s) > Enter [It] eventually leads to triggering another PipelineRun - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:530 @ 05/02/26 05:26:52.566 PipelineRun has not been created yet for the component build-e2e-gfsr/gh-test-custom-branch-wtuska < Exit [It] eventually leads to triggering another PipelineRun - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:530 @ 05/02/26 05:27:14.753 (22.187s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:27:14.753 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:27:14.753 (0s) > Enter [It] pipelineRun should eventually finish - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:546 @ 05/02/26 05:27:14.754 PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl found for Component build-e2e-gfsr/gh-test-custom-branch-wtuska PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: ResolvingTaskRef PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Running PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Running PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Running PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Running PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Running PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Running PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Running PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Running PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Running PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Running PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Running PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Running PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Running PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Running PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Running PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Running PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Running PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Running PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Running PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Running PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Running PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Running PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Running PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Running PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Running PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Running PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Running PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Running PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Running PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Running PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Running PipelineRun has not been created yet for the Component build-e2e-gfsr/gh-test-custom-branch-wtuska PipelineRun has not been created yet for the Component build-e2e-gfsr/gh-test-custom-branch-wtuska PipelineRun has not been created yet for the Component build-e2e-gfsr/gh-test-custom-branch-wtuska PipelineRun has not been created yet for the Component build-e2e-gfsr/gh-test-custom-branch-wtuska PipelineRun has not been created yet for the Component build-e2e-gfsr/gh-test-custom-branch-wtuska PipelineRun has not been created yet for the Component build-e2e-gfsr/gh-test-custom-branch-wtuska PipelineRun has not been created yet for the Component build-e2e-gfsr/gh-test-custom-branch-wtuska PipelineRun has not been created yet for the Component build-e2e-gfsr/gh-test-custom-branch-wtuska PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Running PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Running PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Running PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Running PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Running PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Running PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Running PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Running PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Running PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Running PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Running PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Running PipelineRun gh-test-custom-branch-wtuska-on-push-phtbl reason: Succeeded < Exit [It] pipelineRun should eventually finish - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:546 @ 05/02/26 05:44:55.077 (17m40.324s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:44:55.077 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:44:55.078 (0s) > Enter [It] does not have expiration set - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:552 @ 05/02/26 05:44:55.078 < Exit [It] does not have expiration set - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:552 @ 05/02/26 05:44:55.413 (335ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:44:55.413 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:44:55.413 (0s) > Enter [It] After updating image visibility to private, it should not trigger another PipelineRun - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:564 @ 05/02/26 05:44:55.413 waiting for one minute and expecting to not trigger a PipelineRun < Exit [It] After updating image visibility to private, it should not trigger another PipelineRun - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:564 @ 05/02/26 05:46:57.745 (2m2.332s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:46:57.746 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:46:57.746 (0s) > Enter [It] image repo is updated to private - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:595 @ 05/02/26 05:46:57.747 < Exit [It] image repo is updated to private - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:595 @ 05/02/26 05:46:58.161 (414ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:46:58.161 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:46:58.161 (0s) > Enter [BeforeAll] when the component is removed - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:649 @ 05/02/26 05:46:58.162 < Exit [BeforeAll] when the component is removed - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:649 @ 05/02/26 05:47:01.536 (3.374s) > Enter [It] related image repo and robot accounts deleted - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:661 @ 05/02/26 05:47:01.536 < Exit [It] related image repo and robot accounts deleted - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:661 @ 05/02/26 05:47:07.719 (6.183s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:47:07.719 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:47:07.719 (0s) > Enter [It] purge PR is created successfully - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:679 @ 05/02/26 05:47:07.72 Found purge PR with id: 3 < Exit [It] purge PR is created successfully - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:679 @ 05/02/26 05:47:07.933 (213ms) > Enter [AfterAll] PaC component build - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:101 @ 05/02/26 05:47:07.933 < Exit [AfterAll] PaC component build - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:101 @ 05/02/26 05:47:11.531 (3.598s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:47:11.531 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:28 @ 05/02/26 05:47:11.531 (0s) > Enter [BeforeAll] test pac with multiple components using same repository - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:40 @ 05/02/26 05:06:21.891 < Exit [BeforeAll] test pac with multiple components using same repository - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:40 @ 05/02/26 05:06:23.978 (2.087s) > Enter [It] creates component with context directory go-component - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:106 @ 05/02/26 05:06:23.979 Image repository for component go-component-seeoin in namespace build-e2e-wqrk do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. < Exit [It] creates component with context directory go-component - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:106 @ 05/02/26 05:06:34.252 (10.274s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:28 @ 05/02/26 05:06:34.253 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:28 @ 05/02/26 05:06:34.253 (0s) > Enter [It] triggers a PipelineRun for component go-component-seeoin - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:125 @ 05/02/26 05:06:34.253 PipelineRun has not been created yet for the component build-e2e-wqrk/go-component-seeoin PipelineRun has not been created yet for the component build-e2e-wqrk/go-component-seeoin < Exit [It] triggers a PipelineRun for component go-component-seeoin - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:125 @ 05/02/26 05:07:14.545 (40.291s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:28 @ 05/02/26 05:07:14.545 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:28 @ 05/02/26 05:07:14.545 (0s) > Enter [It] should lead to a PaC PR creation for component go-component-seeoin - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:140 @ 05/02/26 05:07:14.546 < Exit [It] should lead to a PaC PR creation for component go-component-seeoin - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:140 @ 05/02/26 05:07:14.927 (381ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:28 @ 05/02/26 05:07:14.927 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:28 @ 05/02/26 05:07:14.927 (0s) > Enter [It] the PipelineRun should eventually finish successfully for component go-component-seeoin - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:159 @ 05/02/26 05:07:14.928 PipelineRun go-component-seeoin-on-pull-request-spsdd found for Component build-e2e-wqrk/go-component-seeoin PipelineRun go-component-seeoin-on-pull-request-spsdd reason: Running PipelineRun go-component-seeoin-on-pull-request-spsdd reason: Running PipelineRun go-component-seeoin-on-pull-request-spsdd reason: Running PipelineRun go-component-seeoin-on-pull-request-spsdd reason: Running PipelineRun go-component-seeoin-on-pull-request-spsdd reason: Running PipelineRun go-component-seeoin-on-pull-request-spsdd reason: Running PipelineRun go-component-seeoin-on-pull-request-spsdd reason: Running PipelineRun go-component-seeoin-on-pull-request-spsdd reason: Running PipelineRun go-component-seeoin-on-pull-request-spsdd reason: Running PipelineRun go-component-seeoin-on-pull-request-spsdd reason: Running PipelineRun go-component-seeoin-on-pull-request-spsdd reason: Running PipelineRun go-component-seeoin-on-pull-request-spsdd reason: Running PipelineRun go-component-seeoin-on-pull-request-spsdd reason: Running PipelineRun go-component-seeoin-on-pull-request-spsdd reason: Running PipelineRun go-component-seeoin-on-pull-request-spsdd reason: Running PipelineRun go-component-seeoin-on-pull-request-spsdd reason: Running PipelineRun go-component-seeoin-on-pull-request-spsdd reason: Running PipelineRun go-component-seeoin-on-pull-request-spsdd reason: Running PipelineRun go-component-seeoin-on-pull-request-spsdd reason: Running PipelineRun go-component-seeoin-on-pull-request-spsdd reason: Running PipelineRun go-component-seeoin-on-pull-request-spsdd reason: Running PipelineRun go-component-seeoin-on-pull-request-spsdd reason: Running PipelineRun go-component-seeoin-on-pull-request-spsdd reason: Running PipelineRun go-component-seeoin-on-pull-request-spsdd reason: Running PipelineRun go-component-seeoin-on-pull-request-spsdd reason: Running PipelineRun go-component-seeoin-on-pull-request-spsdd reason: Failed attempt 1/3: PipelineRun "go-component-seeoin-on-pull-request-spsdd" failed: pod: go-component-seeoin-on-pull-request-spsdd-build-container-pod | init container: prepare 2026/05/02 05:09:26 Entrypoint initialization pod: go-component-seeoin-on-pull-request-spsdd-build-container-pod | init container: place-scripts 2026/05/02 05:09:27 Decoded script /tekton/scripts/script-1-w4kcf 2026/05/02 05:09:27 Decoded script /tekton/scripts/script-2-hwlz4 2026/05/02 05:09:27 Decoded script /tekton/scripts/script-3-qlbt5 2026/05/02 05:09:27 Decoded script /tekton/scripts/script-4-z2qgx 2026/05/02 05:09:27 Decoded script /tekton/scripts/script-5-gpvtc pod: go-component-seeoin-on-pull-request-spsdd-build-container-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/build-e2e-wqrk/go-component-seeoin Executing: oras blob fetch --registry-config /tmp/use-oci.sh.HjR343/auth-RLnT2O.json quay.io/redhat-appstudio-qe/build-e2e-wqrk/go-component-seeoin@sha256:99d434308cb649f4aaacd231e4e17d1cdd21e7e4f622648eade721bf6a39c132 --output - Restored artifact quay.io/redhat-appstudio-qe/build-e2e-wqrk/go-component-seeoin@sha256:99d434308cb649f4aaacd231e4e17d1cdd21e7e4f622648eade721bf6a39c132 to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: go-component-seeoin-on-pull-request-spsdd-build-container-pod | container step-build: [2026-05-02T05:10:14,880610372+00:00] Validate context path [2026-05-02T05:10:14,883805079+00:00] Update CA trust [2026-05-02T05:10:14,884932514+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-05-02T05:10:19,082964062+00:00] Prepare Dockerfile Checking if /var/workdir/cachi2/output/bom.json exists. Could not find prefetched sbom. No content_sets found for ICM [2026-05-02T05:10:19,089709009+00:00] Prepare system (architecture: x86_64) [2026-05-02T05:10:19,107391050+00:00] Setup prefetched Trying to pull registry.access.redhat.com/ubi9/go-toolset:1.18.9-14... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:2a625e4afab51b49edb0e5f4ff37d8afbb20ec644ed1e68641358a6305557de3 Copying blob sha256:4a13c0e9217d70e608f2d5f5d3c5ffa6d9cd16908b3f83a7a97492d355d25a09 Copying blob sha256:0ab0ba77295aca9b12f463cb7198f0b8b6990b41151dbbd4e1b224fe85244b83 Copying blob sha256:e76793d6902ad1adb19ede3d720024cf0cd8427b3ff606554a4bcafba03dddf4 Copying config sha256:391a2eac28d98dc72726df1faa77db28f6899a77c91ad40f2bdad62baf041301 Writing manifest to image destination Storing signatures [2026-05-02T05:11:04,179323718+00:00] Unsetting proxy { "architecture": "x86_64", "build-date": "2026-05-02T05:10:19Z", "com.redhat.component": "go-toolset-container", "com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI", "description": "Go Toolset available as a container is a base platform for building and running various Go applications and frameworks. Go is an easy to learn, powerful, statically typed language in the C/C++ tradition with garbage collection, concurrent programming support, and memory safety features.", "distribution-scope": "public", "io.buildah.version": "1.42.2", "io.k8s.description": "Go Toolset available as a container is a base platform for building and running various Go applications and frameworks. Go is an easy to learn, powerful, statically typed language in the C/C++ tradition with garbage collection, concurrent programming support, and memory safety features.", "io.k8s.display-name": "Go 1.18.9", "io.openshift.expose-services": "", "io.openshift.s2i.scripts-url": "image:///usr/libexec/s2i", "io.openshift.tags": "builder,golang,golang118,rh-golang118,go", "io.s2i.scripts-url": "image:///usr/libexec/s2i", "maintainer": "Red Hat, Inc.", "name": "rhel9/go-toolset", "release": "14", "summary": "Platform for building and running Go Applications", "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/rhel9/go-toolset/images/1.18.9-14", "vcs-ref": "612aa521a3886be3be857538cd422f11c037afed", "vcs-type": "git", "vendor": "Red Hat, Inc.", "version": "1.18.9", "org.opencontainers.image.revision": "612aa521a3886be3be857538cd422f11c037afed", "org.opencontainers.image.source": "https://github.com/redhat-appstudio-qe/sample-multi-component", "quay.expires-after": "5d", "org.opencontainers.image.created": "2026-05-02T05:10:19Z" } [2026-05-02T05:11:04,284030413+00:00] Register sub-man Adding the entitlement to the build [2026-05-02T05:11:04,287287897+00:00] Add secrets [2026-05-02T05:11:04,444146425+00:00] Run buildah build [2026-05-02T05:11:04,445313964+00:00] buildah build --volume /tmp/entitlement:/etc/pki/entitlement --security-opt=unmask=/proc/interrupts --label architecture=x86_64 --label vcs-type=git --label vcs-ref=612aa521a3886be3be857538cd422f11c037afed --label org.opencontainers.image.revision=612aa521a3886be3be857538cd422f11c037afed --label org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/sample-multi-component --label quay.expires-after=5d --label build-date=2026-05-02T05:10:19Z --label org.opencontainers.image.created=2026-05-02T05:10:19Z --annotation org.opencontainers.image.revision=612aa521a3886be3be857538cd422f11c037afed --annotation org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/sample-multi-component --annotation org.opencontainers.image.created=2026-05-02T05:10:19Z --tls-verify=true --no-cache --ulimit nofile=4096:4096 --http-proxy=false -f /tmp/Dockerfile.ChJkvh -t quay.io/redhat-appstudio-qe/build-e2e-wqrk/go-component-seeoin:on-pr-612aa521a3886be3be857538cd422f11c037afed . STEP 1/10: FROM registry.access.redhat.com/ubi9/go-toolset:1.18.9-14 STEP 2/10: COPY . . STEP 3/10: RUN go mod download go: no module dependencies to download STEP 4/10: RUN go build -o ./main STEP 5/10: ENV PORT 8081 STEP 6/10: EXPOSE 8081 STEP 7/10: CMD [ "./main" ] STEP 8/10: COPY labels.json /usr/share/buildinfo/labels.json STEP 9/10: COPY labels.json /root/buildinfo/labels.json STEP 10/10: LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="612aa521a3886be3be857538cd422f11c037afed" "org.opencontainers.image.revision"="612aa521a3886be3be857538cd422f11c037afed" "org.opencontainers.image.source"="https://github.com/redhat-appstudio-qe/sample-multi-component" "quay.expires-after"="5d" "build-date"="2026-05-02T05:10:19Z" "org.opencontainers.image.created"="2026-05-02T05:10:19Z" COMMIT quay.io/redhat-appstudio-qe/build-e2e-wqrk/go-component-seeoin:on-pr-612aa521a3886be3be857538cd422f11c037afed --> 1f34c83cfd85 Successfully tagged quay.io/redhat-appstudio-qe/build-e2e-wqrk/go-component-seeoin:on-pr-612aa521a3886be3be857538cd422f11c037afed 1f34c83cfd853f0efd1d96019d1cdc172651e3806e4f29d8bffe7492ea195f56 [2026-05-02T05:11:18,533783835+00:00] Unsetting proxy [2026-05-02T05:11:18,534958860+00:00] Add metadata Recording base image digests used registry.access.redhat.com/ubi9/go-toolset:1.18.9-14 registry.access.redhat.com/ubi9/go-toolset:1.18.9-14@sha256:4e320bd8b62e406dfc567886aeab4914db125c73fe9ec308b306c72883101d51 Getting image source signatures Copying blob sha256:49b9a86341b1d23461b06cdf188b9a40347417d5a715184d745c1f89b36a8434 Copying blob sha256:314640f419c581ddcac8f3618af39342a4571d5dc7a4e1f5b64d60f37e630b49 Copying blob sha256:a653a5ff4eaef6037f4f354414ab251ac7218d2d42fc8326743fc63ecf2cabd5 Copying blob sha256:db77b3de17313a3fab2620178c01a4ef8eb60cbe722a6e9390f3cbb1132a7d22 Copying blob sha256:d3f6a420cbadfb30033dc481690b39191ce6d2d841ccd54434c352f474ea54c3 Copying config sha256:1f34c83cfd853f0efd1d96019d1cdc172651e3806e4f29d8bffe7492ea195f56 Writing manifest to image destination [2026-05-02T05:12:36,759777703+00:00] End build pod: go-component-seeoin-on-pull-request-spsdd-build-container-pod | container step-push: [2026-05-02T05:12:37,521577237+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-05-02T05:13:00,199742154+00:00] Convert image [2026-05-02T05:13:00,200816472+00:00] Push image with unique tag Pushing to quay.io/redhat-appstudio-qe/build-e2e-wqrk/go-component-seeoin:go-component-seeoin-on-pull-request-spsdd-build-container [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true quay.io/redhat-appstudio-qe/build-e2e-wqrk/go-component-seeoin:on-pr-612aa521a3886be3be857538cd422f11c037afed docker://quay.io/redhat-appstudio-qe/build-e2e-wqrk/go-component-seeoin:go-component-seeoin-on-pull-request-spsdd-build-container Getting image source signatures Copying blob sha256:49b9a86341b1d23461b06cdf188b9a40347417d5a715184d745c1f89b36a8434 Copying blob sha256:314640f419c581ddcac8f3618af39342a4571d5dc7a4e1f5b64d60f37e630b49 Copying blob sha256:a653a5ff4eaef6037f4f354414ab251ac7218d2d42fc8326743fc63ecf2cabd5 Copying blob sha256:db77b3de17313a3fab2620178c01a4ef8eb60cbe722a6e9390f3cbb1132a7d22 Copying blob sha256:d3f6a420cbadfb30033dc481690b39191ce6d2d841ccd54434c352f474ea54c3 pod: go-component-seeoin-on-pull-request-spsdd-build-container-pod | container step-sbom-syft-generate: pod: go-component-seeoin-on-pull-request-spsdd-build-container-pod | container step-prepare-sboms: pod: go-component-seeoin-on-pull-request-spsdd-build-container-pod | container step-upload-sbom: pod: go-component-seeoin-on-pull-request-spsdd-clone-repository-pod | init container: prepare 2026/05/02 05:07:48 Entrypoint initialization pod: go-component-seeoin-on-pull-request-spsdd-clone-repository-pod | init container: place-scripts 2026/05/02 05:07:49 Decoded script /tekton/scripts/script-0-8q8rt 2026/05/02 05:07:49 Decoded script /tekton/scripts/script-1-hrt5z pod: go-component-seeoin-on-pull-request-spsdd-clone-repository-pod | container step-clone: INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt {"level":"info","ts":1777698482.0524802,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1777698482.9946427,"caller":"git/git.go:223","msg":"Successfully cloned https://github.com/redhat-appstudio-qe/sample-multi-component @ 612aa521a3886be3be857538cd422f11c037afed (grafted, HEAD) in path /var/workdir/source"} {"level":"info","ts":1777698482.9946792,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1777698483.0180292,"caller":"git/git.go:277","msg":"Successfully initialized and updated submodules in path /var/workdir/source"} Merge option disabled. Using checked-out revision 612aa521a3886be3be857538cd422f11c037afed directly. pod: go-component-seeoin-on-pull-request-spsdd-clone-repository-pod | container step-symlink-check: Running symlink check pod: go-component-seeoin-on-pull-request-spsdd-clone-repository-pod | container step-create-trusted-artifact: Prepared artifact from /var/workdir/source (sha256:99d434308cb649f4aaacd231e4e17d1cdd21e7e4f622648eade721bf6a39c132) Using token for quay.io/redhat-appstudio-qe/build-e2e-wqrk/go-component-seeoin Executing: oras push --annotation=quay.expires-after=5d --registry-config /tmp/create-oci.sh.gJxiIh/auth-I7Mp80.json quay.io/redhat-appstudio-qe/build-e2e-wqrk/go-component-seeoin:on-pr-612aa521a3886be3be857538cd422f11c037afed.git SOURCE_ARTIFACT Uploading 99d434308cb6 SOURCE_ARTIFACT Uploaded 99d434308cb6 SOURCE_ARTIFACT Pushed [registry] quay.io/redhat-appstudio-qe/build-e2e-wqrk/go-component-seeoin:on-pr-612aa521a3886be3be857538cd422f11c037afed.git ArtifactType: application/vnd.unknown.artifact.v1 Digest: sha256:ad557a0edbad8c93c2a7c4e4d834f1d4ebf0029bbce422368f169e7957109b27 Artifacts created pod: go-component-seeoin-on-pull-request-spsdd-init-pod | init container: prepare 2026/05/02 05:07:06 Entrypoint initialization pod: go-component-seeoin-on-pull-request-spsdd-init-pod | container step-init: time="2026-05-02T05:07:43Z" level=info msg="[param] enable: false" time="2026-05-02T05:07:43Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-05-02T05:07:43Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-05-02T05:07:43Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-05-02T05:07:43Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-05-02T05:07:43Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-05-02T05:07:43Z" level=info msg="Cache proxy is disabled via param" time="2026-05-02T05:07:43Z" level=info msg="[result] HTTP PROXY: " time="2026-05-02T05:07:43Z" level=info msg="[result] NO PROXY: " pod: go-component-seeoin-on-pullcb6001e3d37bf7710241234df3c16795-pod | init container: prepare 2026/05/02 05:08:12 Entrypoint initialization pod: go-component-seeoin-on-pullcb6001e3d37bf7710241234df3c16795-pod | init container: place-scripts 2026/05/02 05:08:12 Decoded script /tekton/scripts/script-0-g5hgq 2026/05/02 05:08:12 Decoded script /tekton/scripts/script-2-7d6p9 pod: go-component-seeoin-on-pullcb6001e3d37bf7710241234df3c16795-pod | container step-skip-ta: pod: go-component-seeoin-on-pullcb6001e3d37bf7710241234df3c16795-pod | container step-use-trusted-artifact: WARN: found skip file in /var/workdir/source pod: go-component-seeoin-on-pullcb6001e3d37bf7710241234df3c16795-pod | container step-prefetch-dependencies: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' time="2026-05-02T05:09:10Z" level=debug msg="Starting prefetch-dependencies" time="2026-05-02T05:09:10Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-05-02T05:09:10Z" level=info msg="Not using package registry proxy because allow-package-registry-proxy is not set to `true` on the cluster level" logger=PrefetchDependencies time="2026-05-02T05:09:10Z" level=info msg="[param] source-dir: /var/workdir/source" time="2026-05-02T05:09:10Z" level=info msg="[param] output-dir: /var/workdir/cachi2/output" time="2026-05-02T05:09:10Z" level=info msg="[param] sbom-format: spdx" time="2026-05-02T05:09:10Z" level=info msg="[param] mode: strict" time="2026-05-02T05:09:10Z" level=info msg="[param] output-dir-mount-point: /cachi2/output" time="2026-05-02T05:09:10Z" level=info msg="[param] env-files: [/var/workdir/cachi2/cachi2.env /var/workdir/cachi2/prefetch.env /var/workdir/cachi2/prefetch-env.json]" time="2026-05-02T05:09:10Z" level=info msg="[param] git-auth-directory: /workspace/git-basic-auth" time="2026-05-02T05:09:18Z" level=info msg="hermeto [stdout] hermeto 0.50.1" logger=CliExecutor time="2026-05-02T05:09:19Z" level=warning msg="No input provided; skipping prefetch-dependencies" logger=PrefetchDependencies time="2026-05-02T05:09:19Z" level=debug msg="Finished prefetch-dependencies" pod: go-component-seeoin-on-pullcb6001e3d37bf7710241234df3c16795-pod | container step-create-trusted-artifact: WARN: found skip file in /var/workdir/source WARN: found skip file in /var/workdir/cachi2 New PipelineRun go-component-seeoin-on-pull-request-x28s6 found after retrigger for component build-e2e-wqrk/go-component-seeoin PipelineRun go-component-seeoin-on-pull-request-x28s6 found for Component build-e2e-wqrk/go-component-seeoin PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: ResolvingTaskRef PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun has not been created yet for the Component build-e2e-wqrk/go-component-seeoin PipelineRun has not been created yet for the Component build-e2e-wqrk/go-component-seeoin PipelineRun has not been created yet for the Component build-e2e-wqrk/go-component-seeoin PipelineRun has not been created yet for the Component build-e2e-wqrk/go-component-seeoin PipelineRun has not been created yet for the Component build-e2e-wqrk/go-component-seeoin PipelineRun has not been created yet for the Component build-e2e-wqrk/go-component-seeoin PipelineRun has not been created yet for the Component build-e2e-wqrk/go-component-seeoin PipelineRun has not been created yet for the Component build-e2e-wqrk/go-component-seeoin PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Running PipelineRun go-component-seeoin-on-pull-request-x28s6 reason: Succeeded < Exit [It] the PipelineRun should eventually finish successfully for component go-component-seeoin - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:159 @ 05/02/26 05:41:49.332 (34m34.405s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:28 @ 05/02/26 05:41:49.333 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:28 @ 05/02/26 05:41:49.333 (0s) > Enter [It] merging the PR should be successful - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:164 @ 05/02/26 05:41:49.333 merged result sha: 0c1d69a9ecf5f6e2d4aab583a1011ecfbe4a8b54 for PR #32809 < Exit [It] merging the PR should be successful - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:164 @ 05/02/26 05:41:50.867 (1.534s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:28 @ 05/02/26 05:41:50.867 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:28 @ 05/02/26 05:41:50.867 (0s) > Enter [It] leads to triggering on push PipelineRun - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:174 @ 05/02/26 05:41:50.868 Push PipelineRun has not been created yet for the component build-e2e-wqrk/go-component-seeoin < Exit [It] leads to triggering on push PipelineRun - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:174 @ 05/02/26 05:42:11.326 (20.458s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:28 @ 05/02/26 05:42:11.326 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:28 @ 05/02/26 05:42:11.326 (0s) > Enter [It] creates component with context directory python-component - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:106 @ 05/02/26 05:42:11.327 Image repository for component python-component-sukmsc in namespace build-e2e-wqrk do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. < Exit [It] creates component with context directory python-component - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:106 @ 05/02/26 05:42:21.464 (10.137s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:28 @ 05/02/26 05:42:21.465 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:28 @ 05/02/26 05:42:21.465 (0s) > Enter [It] triggers a PipelineRun for component python-component-sukmsc - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:125 @ 05/02/26 05:42:21.465 PipelineRun has not been created yet for the component build-e2e-wqrk/python-component-sukmsc < Exit [It] triggers a PipelineRun for component python-component-sukmsc - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:125 @ 05/02/26 05:42:41.75 (20.285s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:28 @ 05/02/26 05:42:41.75 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:28 @ 05/02/26 05:42:41.75 (0s) > Enter [It] should lead to a PaC PR creation for component python-component-sukmsc - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:140 @ 05/02/26 05:42:41.751 < Exit [It] should lead to a PaC PR creation for component python-component-sukmsc - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:140 @ 05/02/26 05:42:42.095 (345ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:28 @ 05/02/26 05:42:42.095 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:28 @ 05/02/26 05:42:42.096 (0s) [FAILED] Expected success, but got an error: <*errors.errorString | 0xc001502b20>: pod: python-component-sukmsc-on-591f02614276501c9909e28298413f3d-pod | init container: prepare 2026/05/02 06:01:15 Entrypoint initialization pod: python-component-sukmsc-on-591f02614276501c9909e28298413f3d-pod | init container: place-scripts 2026/05/02 06:01:15 Decoded script /tekton/scripts/script-0-42c8p 2026/05/02 06:01:15 Decoded script /tekton/scripts/script-1-clsx6 pod: python-component-sukmsc-on-591f02614276501c9909e28298413f3d-pod | container step-clone: INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt {"level":"info","ts":1777701678.9782343,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1777701679.423236,"caller":"git/git.go:223","msg":"Successfully cloned https://github.com/redhat-appstudio-qe/sample-multi-component @ 9a58fff0b20b171aa9240228699291a7c9c1b6fd (grafted, HEAD) in path /var/workdir/source"} {"level":"info","ts":1777701679.4232862,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1777701679.4468265,"caller":"git/git.go:277","msg":"Successfully initialized and updated submodules in path /var/workdir/source"} Merge option disabled. Using checked-out revision 9a58fff0b20b171aa9240228699291a7c9c1b6fd directly. pod: python-component-sukmsc-on-591f02614276501c9909e28298413f3d-pod | container step-symlink-check: Running symlink check pod: python-component-sukmsc-on-591f02614276501c9909e28298413f3d-pod | container step-create-trusted-artifact: Prepared artifact from /var/workdir/source (sha256:30a0bd277a19ad7be874275280017ea11cf53bbb756ca66fd1cdcd2fa0c312c1) Using token for quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc Executing: oras push --annotation=quay.expires-after=5d --registry-config /tmp/create-oci.sh.J0N6ty/auth-CgZpio.json quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-9a58fff0b20b171aa9240228699291a7c9c1b6fd.git SOURCE_ARTIFACT Uploading 30a0bd277a19 SOURCE_ARTIFACT Uploaded 30a0bd277a19 SOURCE_ARTIFACT Pushed [registry] quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-9a58fff0b20b171aa9240228699291a7c9c1b6fd.git ArtifactType: application/vnd.unknown.artifact.v1 Digest: sha256:29b0286379e2717b11864360450387a73e9986f6be7c3627aab5854f910f9a93 Artifacts created pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | init container: prepare 2026/05/02 06:02:02 Entrypoint initialization pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | init container: place-scripts 2026/05/02 06:02:03 Decoded script /tekton/scripts/script-1-wknqh 2026/05/02 06:02:03 Decoded script /tekton/scripts/script-2-rhf2s 2026/05/02 06:02:03 Decoded script /tekton/scripts/script-3-xkm58 2026/05/02 06:02:03 Decoded script /tekton/scripts/script-4-hkg9r 2026/05/02 06:02:03 Decoded script /tekton/scripts/script-5-n82hr pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc Executing: oras blob fetch --registry-config /tmp/use-oci.sh.OztHxz/auth-Sp4x4T.json quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:30a0bd277a19ad7be874275280017ea11cf53bbb756ca66fd1cdcd2fa0c312c1 --output - Restored artifact quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:30a0bd277a19ad7be874275280017ea11cf53bbb756ca66fd1cdcd2fa0c312c1 to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | container step-build: [2026-05-02T06:02:08,343082023+00:00] Validate context path [2026-05-02T06:02:08,346510359+00:00] Update CA trust [2026-05-02T06:02:08,347544486+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-05-02T06:02:12,240664532+00:00] Prepare Dockerfile Checking if /var/workdir/cachi2/output/bom.json exists. Could not find prefetched sbom. No content_sets found for ICM [2026-05-02T06:02:12,248230526+00:00] Prepare system (architecture: x86_64) [2026-05-02T06:02:12,264402475+00:00] Setup prefetched Trying to pull registry.access.redhat.com/ubi9/python-39:1-117.1684741281... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:8a2e9815396eaa57b0dfe27b2dfc442417f06aa70974c358f198980b533c7942 Copying blob sha256:5465449a2ea5d8a7e05fa498c8ba35f0ce7714b0ad37e716961fca17dfa1ef13 Copying blob sha256:085efe85e9dfb0b3d5d2392e4b78660a3091bf1ded336315117a627fbdd0567d Copying blob sha256:a07d808ddf4404b3885fef6100142a973cc667b2c3c4abcf4db96508795b1efb Copying config sha256:45c8f23c11bb64f238236aaf5cbe05595778e1d4fb6c06109c6fcc0a6b57a45b Writing manifest to image destination Storing signatures [2026-05-02T06:02:42,835630513+00:00] Unsetting proxy { "architecture": "x86_64", "build-date": "2026-05-02T06:02:12Z", "com.redhat.component": "python-39-container", "com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI", "description": "Python 3.9 available as container is a base platform for building and running various Python 3.9 applications and frameworks. Python is an easy to learn, powerful programming language. It has efficient high-level data structures and a simple but effective approach to object-oriented programming. Python's elegant syntax and dynamic typing, together with its interpreted nature, make it an ideal language for scripting and rapid application development in many areas on most platforms.", "distribution-scope": "public", "io.buildah.version": "1.42.2", "io.buildpacks.stack.id": "com.redhat.stacks.ubi9-python-39", "io.k8s.description": "Python 3.9 available as container is a base platform for building and running various Python 3.9 applications and frameworks. Python is an easy to learn, powerful programming language. It has efficient high-level data structures and a simple but effective approach to object-oriented programming. Python's elegant syntax and dynamic typing, together with its interpreted nature, make it an ideal language for scripting and rapid application development in many areas on most platforms.", "io.k8s.display-name": "Python 3.9", "io.openshift.expose-services": "8080:http", "io.openshift.s2i.scripts-url": "image:///usr/libexec/s2i", "io.openshift.tags": "builder,python,python39,python-39,rh-python39", "io.s2i.scripts-url": "image:///usr/libexec/s2i", "maintainer": "SoftwareCollections.org <sclorg@redhat.com>", "name": "ubi9/python-39", "release": "117.1684741281", "summary": "Platform for building and running Python 3.9 applications", "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/ubi9/python-39/images/1-117.1684741281", "usage": "s2i build https://github.com/sclorg/s2i-python-container.git --context-dir=3.9/test/setup-test-app/ ubi9/python-39 python-sample-app", "vcs-ref": "9a58fff0b20b171aa9240228699291a7c9c1b6fd", "vcs-type": "git", "vendor": "Red Hat, Inc.", "version": "1", "org.opencontainers.image.revision": "9a58fff0b20b171aa9240228699291a7c9c1b6fd", "org.opencontainers.image.source": "https://github.com/redhat-appstudio-qe/sample-multi-component", "quay.expires-after": "5d", "org.opencontainers.image.created": "2026-05-02T06:02:12Z" } [2026-05-02T06:02:42,939251206+00:00] Register sub-man Adding the entitlement to the build [2026-05-02T06:02:42,942342755+00:00] Add secrets [2026-05-02T06:02:42,958124691+00:00] Run buildah build [2026-05-02T06:02:42,959167684+00:00] buildah build --volume /tmp/entitlement:/etc/pki/entitlement --security-opt=unmask=/proc/interrupts --label architecture=x86_64 --label vcs-type=git --label vcs-ref=9a58fff0b20b171aa9240228699291a7c9c1b6fd --label org.opencontainers.image.revision=9a58fff0b20b171aa9240228699291a7c9c1b6fd --label org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/sample-multi-component --label quay.expires-after=5d --label build-date=2026-05-02T06:02:12Z --label org.opencontainers.image.created=2026-05-02T06:02:12Z --annotation org.opencontainers.image.revision=9a58fff0b20b171aa9240228699291a7c9c1b6fd --annotation org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/sample-multi-component --annotation org.opencontainers.image.created=2026-05-02T06:02:12Z --tls-verify=true --no-cache --ulimit nofile=4096:4096 --http-proxy=false -f /tmp/Dockerfile.xk9LA0 -t quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-9a58fff0b20b171aa9240228699291a7c9c1b6fd . STEP 1/10: FROM registry.access.redhat.com/ubi9/python-39:1-117.1684741281 STEP 2/10: EXPOSE 8081/tcp STEP 3/10: ENV FLASK_PORT=8081 STEP 4/10: WORKDIR /projects STEP 5/10: COPY . . STEP 6/10: RUN if [ -f requirements.txt ]; then pip install -r requirements.txt; elif [ `ls -1q *.txt | wc -l` == 1 ]; then pip install -r *.txt; fi Collecting Flask==2.3.3 Downloading flask-2.3.3-py3-none-any.whl (96 kB) Collecting blinker>=1.6.2 Downloading blinker-1.9.0-py3-none-any.whl (8.5 kB) Collecting importlib-metadata>=3.6.0 Downloading importlib_metadata-8.7.1-py3-none-any.whl (27 kB) Collecting Jinja2>=3.1.2 Downloading jinja2-3.1.6-py3-none-any.whl (134 kB) Collecting itsdangerous>=2.1.2 Downloading itsdangerous-2.2.0-py3-none-any.whl (16 kB) Collecting click>=8.1.3 Downloading click-8.1.8-py3-none-any.whl (98 kB) Collecting Werkzeug>=2.3.7 Downloading werkzeug-3.1.8-py3-none-any.whl (226 kB) Collecting zipp>=3.20 Downloading zipp-3.23.1-py3-none-any.whl (10 kB) Collecting MarkupSafe>=2.0 Downloading markupsafe-3.0.3-cp39-cp39-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl (20 kB) Installing collected packages: zipp, MarkupSafe, Werkzeug, Jinja2, itsdangerous, importlib-metadata, click, blinker, Flask Successfully installed Flask-2.3.3 Jinja2-3.1.6 MarkupSafe-3.0.3 Werkzeug-3.1.8 blinker-1.9.0 click-8.1.8 importlib-metadata-8.7.1 itsdangerous-2.2.0 zipp-3.23.1 WARNING: You are using pip version 21.3.1; however, version 26.0.1 is available. You should consider upgrading via the '/opt/app-root/bin/python3.9 -m pip install --upgrade pip' command. STEP 7/10: CMD [ "python", "./app.py" ] STEP 8/10: COPY labels.json /usr/share/buildinfo/labels.json STEP 9/10: COPY labels.json /root/buildinfo/labels.json STEP 10/10: LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="9a58fff0b20b171aa9240228699291a7c9c1b6fd" "org.opencontainers.image.revision"="9a58fff0b20b171aa9240228699291a7c9c1b6fd" "org.opencontainers.image.source"="https://github.com/redhat-appstudio-qe/sample-multi-component" "quay.expires-after"="5d" "build-date"="2026-05-02T06:02:12Z" "org.opencontainers.image.created"="2026-05-02T06:02:12Z" COMMIT quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-9a58fff0b20b171aa9240228699291a7c9c1b6fd --> ca84e75f124f Successfully tagged quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-9a58fff0b20b171aa9240228699291a7c9c1b6fd ca84e75f124f87650d18f671c13714546ff668228556de54b4b53120968860cb [2026-05-02T06:02:48,359474036+00:00] Unsetting proxy [2026-05-02T06:02:48,360843489+00:00] Add metadata Recording base image digests used registry.access.redhat.com/ubi9/python-39:1-117.1684741281 registry.access.redhat.com/ubi9/python-39:1-117.1684741281@sha256:40a58935b9c22664927b22bf256f53a3d744ddb7316f3af18061099e199526ee Getting image source signatures Copying blob sha256:a3551a1f52c5788c9e4e19e7458ecd57b93554fb4cad127b13d61c73c13775e4 Copying blob sha256:d661a108c347030c3ef626a0e0020e084fba1e1023193824f5395fa90ef40bde Copying blob sha256:d93d3cc0bc0c5ed9655bcdcf31183ed0b570076c0e6a13e0d7cb907d0b877b00 Copying blob sha256:629980bfa23ec05ce5acc61ed2866ddf8713f40bb2a61f0850395082f1457220 Copying blob sha256:bc8a0003b3470be53e5cf295daf38c287d3f20ab90e8f5c2b6f17406b158d323 Copying config sha256:ca84e75f124f87650d18f671c13714546ff668228556de54b4b53120968860cb Writing manifest to image destination [2026-05-02T06:03:22,157574695+00:00] End build pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | container step-push: [2026-05-02T06:03:22,816503114+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-05-02T06:03:43,886667723+00:00] Convert image [2026-05-02T06:03:43,887746209+00:00] Push image with unique tag Pushing to quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:python-component-sukmsc-on-pull-request-2vxmt-build-container [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-9a58fff0b20b171aa9240228699291a7c9c1b6fd docker://quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:python-component-sukmsc-on-pull-request-2vxmt-build-container Getting image source signatures Copying blob sha256:a3551a1f52c5788c9e4e19e7458ecd57b93554fb4cad127b13d61c73c13775e4 Copying blob sha256:bc8a0003b3470be53e5cf295daf38c287d3f20ab90e8f5c2b6f17406b158d323 Copying blob sha256:d93d3cc0bc0c5ed9655bcdcf31183ed0b570076c0e6a13e0d7cb907d0b877b00 Copying blob sha256:629980bfa23ec05ce5acc61ed2866ddf8713f40bb2a61f0850395082f1457220 Copying blob sha256:d661a108c347030c3ef626a0e0020e084fba1e1023193824f5395fa90ef40bde pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | container step-sbom-syft-generate: pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | container step-prepare-sboms: pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | container step-upload-sbom: pod: python-component-sukmsc-on-pull-request-2vxmt-init-pod | init container: prepare 2026/05/02 06:01:09 Entrypoint initialization pod: python-component-sukmsc-on-pull-request-2vxmt-init-pod | container step-init: time="2026-05-02T06:01:13Z" level=info msg="[param] enable: false" time="2026-05-02T06:01:13Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-05-02T06:01:13Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-05-02T06:01:13Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-05-02T06:01:13Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-05-02T06:01:13Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-05-02T06:01:13Z" level=info msg="Cache proxy is disabled via param" time="2026-05-02T06:01:13Z" level=info msg="[result] HTTP PROXY: " time="2026-05-02T06:01:13Z" level=info msg="[result] NO PROXY: " { s: "\n pod: python-component-sukmsc-on-591f02614276501c9909e28298413f3d-pod | init container: prepare\n2026/05/02 06:01:15 Entrypoint initialization\n\n pod: python-component-sukmsc-on-591f02614276501c9909e28298413f3d-pod | init container: place-scripts\n2026/05/02 06:01:15 Decoded script /tekton/scripts/script-0-42c8p\n2026/05/02 06:01:15 Decoded script /tekton/scripts/script-1-clsx6\n\npod: python-component-sukmsc-on-591f02614276501c9909e28298413f3d-pod | container step-clone: \nINFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt\n{\"level\":\"info\",\"ts\":1777701678.9782343,\"caller\":\"git/git.go:394\",\"msg\":\"Retrying operation (attempt 1)\"}\n{\"level\":\"info\",\"ts\":1777701679.423236,\"caller\":\"git/git.go:223\",\"msg\":\"Successfully cloned https://github.com/redhat-appstudio-qe/sample-multi-component @ 9a58fff0b20b171aa9240228699291a7c9c1b6fd (grafted, HEAD) in path /var/workdir/source\"}\n{\"level\":\"info\",\"ts\":1777701679.4232862,\"caller\":\"git/git.go:394\",\"msg\":\"Retrying operation (attempt 1)\"}\n{\"level\":\"info\",\"ts\":1777701679.4468265,\"caller\":\"git/git.go:277\",\"msg\":\"Successfully initialized and updated submodules in path /var/workdir/source\"}\nMerge option disabled. Using checked-out revision 9a58fff0b20b171aa9240228699291a7c9c1b6fd directly.\n\npod: python-component-sukmsc-on-591f02614276501c9909e28298413f3d-pod | container step-symlink-check: \nRunning symlink check\n\npod: python-component-sukmsc-on-591f02614276501c9909e28298413f3d-pod | container step-create-trusted-artifact: \nPrepared artifact from /var/workdir/source (sha256:30a0bd277a19ad7be874275280017ea11cf53bbb756ca66fd1cdcd2fa0c312c1)\nUsing token for quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc\nExecuting: oras push --annotation=quay.expires-after=5d --registry-config /tmp/create-oci.sh.J0N6ty/auth-CgZpio.json quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-9a58fff0b20b171aa9240228699291a7c9c1b6fd.git SOURCE_ARTIFACT\nUploading 30a0bd277a19 SOURCE_ARTIFACT\nUploaded 30a0bd277a19 SOURCE_ARTIFACT\nPushed [registry] quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-9a58fff0b20b171aa9240228699291a7c9c1b6fd.git\nArtifactType: application/vnd.unknown.artifact.v1\nDigest: sha256:29b0286379e2717b11864360450387a73e9986f6be7c3627aab5854f910f9a93\nArtifacts created\n\n\n pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | init container: prepare\n2026/05/02 06:02:02 Entrypoint initialization\n\n pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | init container: place-scripts\n2026/05/02 06:02:03 Decoded script /tekton/scripts/script-1-wknqh\n2026/05/02 06:02:03 Decoded script /tekton/scripts/script-2-rhf2s\n2026/05/02 06:02:03 Decoded script /tekton/scripts/script-3-xkm58\n2026/05/02 06:02:03 Decoded script /tekton/scripts/script-4-hkg9r\n2026/05/02 06:02:03 Decoded script /tekton/scripts/script-5-n82hr\n\npod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | container step-use-trusted-artifact: \nUsing token for quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc\nExecuting: oras blob fetch --registry-config /tmp/use-oci.sh.OztHxz/auth-Sp4x4T.json quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:30a0bd277a19ad7be874275280017ea11cf53bbb756ca66fd1cdcd2fa0c312c1 --output -\nRestored artifact quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:30a0bd277a19ad7be874275280017ea11cf53bbb756ca66fd1cdcd2fa0c312c1 to /var/workdir/source\nWARN: artifact URI not provided, (given: =/var/workdir/cachi2)\n\n\npod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | container step-build: \n[2026-05-02T06:02:08,343082023+00:00] Validate context path\n[2026-05-02T06:02:08,346510359+00:00] Update CA trust\n[2026-05-02T06:02:08,347544486+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt\n'/mnt/trusted-ca/ca-bundle.crt' -> ... Gomega truncated this representation as it exceeds 'format.MaxLength'. Consider having the object provide a custom 'GomegaStringer' representation or adjust the parameters in Gomega's 'format' package. Learn more here: https://onsi.github.io/gomega/#adjusting-output In [It] at: /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:161 @ 05/02/26 06:06:08.218 > Enter [It] the PipelineRun should eventually finish successfully for component python-component-sukmsc - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:159 @ 05/02/26 05:42:42.096 PipelineRun python-component-sukmsc-on-pull-request-zg9vq found for Component build-e2e-wqrk/python-component-sukmsc PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: ResolvingTaskRef PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Failed attempt 1/3: PipelineRun "python-component-sukmsc-on-pull-request-zg9vq" failed: pod: python-component-sukmsc-on-3d3172b85ea5e0c15d02ec1309ff8970-pod | init container: prepare 2026/05/02 05:45:47 Entrypoint initialization pod: python-component-sukmsc-on-3d3172b85ea5e0c15d02ec1309ff8970-pod | init container: place-scripts 2026/05/02 05:45:48 Decoded script /tekton/scripts/script-1-hl8vj 2026/05/02 05:45:48 Decoded script /tekton/scripts/script-2-nv22m 2026/05/02 05:45:48 Decoded script /tekton/scripts/script-3-9jmt9 2026/05/02 05:45:48 Decoded script /tekton/scripts/script-4-cr4nj 2026/05/02 05:45:48 Decoded script /tekton/scripts/script-5-dtzrv pod: python-component-sukmsc-on-3d3172b85ea5e0c15d02ec1309ff8970-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc Executing: oras blob fetch --registry-config /tmp/use-oci.sh.7uWG5d/auth-x4nJQS.json quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:06cff40a3970c64bcccdbbfc59f27155ab36c51c6529191b8df58d96cdb58728 --output - Restored artifact quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:06cff40a3970c64bcccdbbfc59f27155ab36c51c6529191b8df58d96cdb58728 to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: python-component-sukmsc-on-3d3172b85ea5e0c15d02ec1309ff8970-pod | container step-build: [2026-05-02T05:45:54,435434352+00:00] Validate context path [2026-05-02T05:45:54,439017475+00:00] Update CA trust [2026-05-02T05:45:54,440009173+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-05-02T05:45:58,308082555+00:00] Prepare Dockerfile Checking if /var/workdir/cachi2/output/bom.json exists. Could not find prefetched sbom. No content_sets found for ICM [2026-05-02T05:45:58,315787432+00:00] Prepare system (architecture: x86_64) [2026-05-02T05:45:58,332116835+00:00] Setup prefetched Trying to pull registry.access.redhat.com/ubi9/python-39:1-117.1684741281... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:8a2e9815396eaa57b0dfe27b2dfc442417f06aa70974c358f198980b533c7942 Copying blob sha256:5465449a2ea5d8a7e05fa498c8ba35f0ce7714b0ad37e716961fca17dfa1ef13 Copying blob sha256:085efe85e9dfb0b3d5d2392e4b78660a3091bf1ded336315117a627fbdd0567d Copying blob sha256:a07d808ddf4404b3885fef6100142a973cc667b2c3c4abcf4db96508795b1efb Copying config sha256:45c8f23c11bb64f238236aaf5cbe05595778e1d4fb6c06109c6fcc0a6b57a45b Writing manifest to image destination Storing signatures [2026-05-02T05:46:49,136550699+00:00] Unsetting proxy { "architecture": "x86_64", "build-date": "2026-05-02T05:45:58Z", "com.redhat.component": "python-39-container", "com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI", "description": "Python 3.9 available as container is a base platform for building and running various Python 3.9 applications and frameworks. Python is an easy to learn, powerful programming language. It has efficient high-level data structures and a simple but effective approach to object-oriented programming. Python's elegant syntax and dynamic typing, together with its interpreted nature, make it an ideal language for scripting and rapid application development in many areas on most platforms.", "distribution-scope": "public", "io.buildah.version": "1.42.2", "io.buildpacks.stack.id": "com.redhat.stacks.ubi9-python-39", "io.k8s.description": "Python 3.9 available as container is a base platform for building and running various Python 3.9 applications and frameworks. Python is an easy to learn, powerful programming language. It has efficient high-level data structures and a simple but effective approach to object-oriented programming. Python's elegant syntax and dynamic typing, together with its interpreted nature, make it an ideal language for scripting and rapid application development in many areas on most platforms.", "io.k8s.display-name": "Python 3.9", "io.openshift.expose-services": "8080:http", "io.openshift.s2i.scripts-url": "image:///usr/libexec/s2i", "io.openshift.tags": "builder,python,python39,python-39,rh-python39", "io.s2i.scripts-url": "image:///usr/libexec/s2i", "maintainer": "SoftwareCollections.org <sclorg@redhat.com>", "name": "ubi9/python-39", "release": "117.1684741281", "summary": "Platform for building and running Python 3.9 applications", "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/ubi9/python-39/images/1-117.1684741281", "usage": "s2i build https://github.com/sclorg/s2i-python-container.git --context-dir=3.9/test/setup-test-app/ ubi9/python-39 python-sample-app", "vcs-ref": "5e9d7456147050972e8bd012a2304f2853af7090", "vcs-type": "git", "vendor": "Red Hat, Inc.", "version": "1", "org.opencontainers.image.revision": "5e9d7456147050972e8bd012a2304f2853af7090", "org.opencontainers.image.source": "https://github.com/redhat-appstudio-qe/sample-multi-component", "quay.expires-after": "5d", "org.opencontainers.image.created": "2026-05-02T05:45:58Z" } [2026-05-02T05:46:49,205137997+00:00] Register sub-man Adding the entitlement to the build [2026-05-02T05:46:49,208439364+00:00] Add secrets [2026-05-02T05:46:49,223410703+00:00] Run buildah build [2026-05-02T05:46:49,224508110+00:00] buildah build --volume /tmp/entitlement:/etc/pki/entitlement --security-opt=unmask=/proc/interrupts --label architecture=x86_64 --label vcs-type=git --label vcs-ref=5e9d7456147050972e8bd012a2304f2853af7090 --label org.opencontainers.image.revision=5e9d7456147050972e8bd012a2304f2853af7090 --label org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/sample-multi-component --label quay.expires-after=5d --label build-date=2026-05-02T05:45:58Z --label org.opencontainers.image.created=2026-05-02T05:45:58Z --annotation org.opencontainers.image.revision=5e9d7456147050972e8bd012a2304f2853af7090 --annotation org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/sample-multi-component --annotation org.opencontainers.image.created=2026-05-02T05:45:58Z --tls-verify=true --no-cache --ulimit nofile=4096:4096 --http-proxy=false -f /tmp/Dockerfile.E1ZDdx -t quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-5e9d7456147050972e8bd012a2304f2853af7090 . STEP 1/10: FROM registry.access.redhat.com/ubi9/python-39:1-117.1684741281 STEP 2/10: EXPOSE 8081/tcp STEP 3/10: ENV FLASK_PORT=8081 STEP 4/10: WORKDIR /projects STEP 5/10: COPY . . STEP 6/10: RUN if [ -f requirements.txt ]; then pip install -r requirements.txt; elif [ `ls -1q *.txt | wc -l` == 1 ]; then pip install -r *.txt; fi Collecting Flask==2.3.3 Downloading flask-2.3.3-py3-none-any.whl (96 kB) Collecting Werkzeug>=2.3.7 Downloading werkzeug-3.1.8-py3-none-any.whl (226 kB) Collecting Jinja2>=3.1.2 Downloading jinja2-3.1.6-py3-none-any.whl (134 kB) Collecting importlib-metadata>=3.6.0 Downloading importlib_metadata-8.7.1-py3-none-any.whl (27 kB) Collecting itsdangerous>=2.1.2 Downloading itsdangerous-2.2.0-py3-none-any.whl (16 kB) Collecting click>=8.1.3 Downloading click-8.1.8-py3-none-any.whl (98 kB) Collecting blinker>=1.6.2 Downloading blinker-1.9.0-py3-none-any.whl (8.5 kB) Collecting zipp>=3.20 Downloading zipp-3.23.1-py3-none-any.whl (10 kB) Collecting MarkupSafe>=2.0 Downloading markupsafe-3.0.3-cp39-cp39-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl (20 kB) Installing collected packages: zipp, MarkupSafe, Werkzeug, Jinja2, itsdangerous, importlib-metadata, click, blinker, Flask Successfully installed Flask-2.3.3 Jinja2-3.1.6 MarkupSafe-3.0.3 Werkzeug-3.1.8 blinker-1.9.0 click-8.1.8 importlib-metadata-8.7.1 itsdangerous-2.2.0 zipp-3.23.1 WARNING: You are using pip version 21.3.1; however, version 26.0.1 is available. You should consider upgrading via the '/opt/app-root/bin/python3.9 -m pip install --upgrade pip' command. STEP 7/10: CMD [ "python", "./app.py" ] STEP 8/10: COPY labels.json /usr/share/buildinfo/labels.json STEP 9/10: COPY labels.json /root/buildinfo/labels.json STEP 10/10: LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="5e9d7456147050972e8bd012a2304f2853af7090" "org.opencontainers.image.revision"="5e9d7456147050972e8bd012a2304f2853af7090" "org.opencontainers.image.source"="https://github.com/redhat-appstudio-qe/sample-multi-component" "quay.expires-after"="5d" "build-date"="2026-05-02T05:45:58Z" "org.opencontainers.image.created"="2026-05-02T05:45:58Z" COMMIT quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-5e9d7456147050972e8bd012a2304f2853af7090 --> 880be21bb0a4 Successfully tagged quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-5e9d7456147050972e8bd012a2304f2853af7090 880be21bb0a4dc887183f659aa71c959e4ec28102a3ef2c74b39e7e6a44dec3e [2026-05-02T05:46:55,183562848+00:00] Unsetting proxy [2026-05-02T05:46:55,184914592+00:00] Add metadata Recording base image digests used registry.access.redhat.com/ubi9/python-39:1-117.1684741281 registry.access.redhat.com/ubi9/python-39:1-117.1684741281@sha256:40a58935b9c22664927b22bf256f53a3d744ddb7316f3af18061099e199526ee Getting image source signatures Copying blob sha256:6c1759502abb16f05c80d58967d8fb390a61614ead8273dc0332b032414656aa Copying blob sha256:bc8a0003b3470be53e5cf295daf38c287d3f20ab90e8f5c2b6f17406b158d323 Copying blob sha256:d93d3cc0bc0c5ed9655bcdcf31183ed0b570076c0e6a13e0d7cb907d0b877b00 Copying blob sha256:d661a108c347030c3ef626a0e0020e084fba1e1023193824f5395fa90ef40bde Copying blob sha256:629980bfa23ec05ce5acc61ed2866ddf8713f40bb2a61f0850395082f1457220 Copying config sha256:880be21bb0a4dc887183f659aa71c959e4ec28102a3ef2c74b39e7e6a44dec3e Writing manifest to image destination [2026-05-02T05:47:40,567015487+00:00] End build pod: python-component-sukmsc-on-3d3172b85ea5e0c15d02ec1309ff8970-pod | container step-push: [2026-05-02T05:47:40,874407321+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-05-02T05:48:03,619431673+00:00] Convert image [2026-05-02T05:48:03,620452583+00:00] Push image with unique tag Pushing to quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:python-component-sukmsc-on-pull-request-zg9vq-build-container [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-5e9d7456147050972e8bd012a2304f2853af7090 docker://quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:python-component-sukmsc-on-pull-request-zg9vq-build-container Getting image source signatures Copying blob sha256:6c1759502abb16f05c80d58967d8fb390a61614ead8273dc0332b032414656aa Copying blob sha256:bc8a0003b3470be53e5cf295daf38c287d3f20ab90e8f5c2b6f17406b158d323 Copying blob sha256:d93d3cc0bc0c5ed9655bcdcf31183ed0b570076c0e6a13e0d7cb907d0b877b00 Copying blob sha256:d661a108c347030c3ef626a0e0020e084fba1e1023193824f5395fa90ef40bde Copying blob sha256:629980bfa23ec05ce5acc61ed2866ddf8713f40bb2a61f0850395082f1457220 pod: python-component-sukmsc-on-3d3172b85ea5e0c15d02ec1309ff8970-pod | container step-sbom-syft-generate: pod: python-component-sukmsc-on-3d3172b85ea5e0c15d02ec1309ff8970-pod | container step-prepare-sboms: pod: python-component-sukmsc-on-3d3172b85ea5e0c15d02ec1309ff8970-pod | container step-upload-sbom: pod: python-component-sukmsc-on-754999f46a0fa17555be458a5cf6e66a-pod | init container: prepare 2026/05/02 05:44:21 Entrypoint initialization pod: python-component-sukmsc-on-754999f46a0fa17555be458a5cf6e66a-pod | init container: place-scripts 2026/05/02 05:44:28 Decoded script /tekton/scripts/script-0-ch9rn 2026/05/02 05:44:28 Decoded script /tekton/scripts/script-1-d5ndj pod: python-component-sukmsc-on-754999f46a0fa17555be458a5cf6e66a-pod | container step-clone: INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt {"level":"info","ts":1777700694.173177,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1777700694.6118438,"caller":"git/git.go:223","msg":"Successfully cloned https://github.com/redhat-appstudio-qe/sample-multi-component @ 5e9d7456147050972e8bd012a2304f2853af7090 (grafted, HEAD) in path /var/workdir/source"} {"level":"info","ts":1777700694.6118908,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1777700694.6385515,"caller":"git/git.go:277","msg":"Successfully initialized and updated submodules in path /var/workdir/source"} Merge option disabled. Using checked-out revision 5e9d7456147050972e8bd012a2304f2853af7090 directly. pod: python-component-sukmsc-on-754999f46a0fa17555be458a5cf6e66a-pod | container step-symlink-check: Running symlink check pod: python-component-sukmsc-on-754999f46a0fa17555be458a5cf6e66a-pod | container step-create-trusted-artifact: Prepared artifact from /var/workdir/source (sha256:06cff40a3970c64bcccdbbfc59f27155ab36c51c6529191b8df58d96cdb58728) Using token for quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc Executing: oras push --annotation=quay.expires-after=5d --registry-config /tmp/create-oci.sh.LSOynh/auth-yT5i5V.json quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-5e9d7456147050972e8bd012a2304f2853af7090.git SOURCE_ARTIFACT Uploading 06cff40a3970 SOURCE_ARTIFACT Uploaded 06cff40a3970 SOURCE_ARTIFACT Pushed [registry] quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-5e9d7456147050972e8bd012a2304f2853af7090.git ArtifactType: application/vnd.unknown.artifact.v1 Digest: sha256:fee9b79c54daebaa5a22532de75a5a97729d55ba732bf70c20b1afdbdca0ee79 Artifacts created pod: python-component-sukmsc-on-pull-request-zg9vq-init-pod | init container: prepare 2026/05/02 05:43:37 Entrypoint initialization pod: python-component-sukmsc-on-pull-request-zg9vq-init-pod | container step-init: time="2026-05-02T05:44:02Z" level=info msg="[param] enable: false" time="2026-05-02T05:44:02Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-05-02T05:44:02Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-05-02T05:44:02Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-05-02T05:44:02Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-05-02T05:44:02Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-05-02T05:44:02Z" level=info msg="Cache proxy is disabled via param" time="2026-05-02T05:44:02Z" level=info msg="[result] HTTP PROXY: " time="2026-05-02T05:44:02Z" level=info msg="[result] NO PROXY: " New PipelineRun python-component-sukmsc-on-pull-request-g52js found after retrigger for component build-e2e-wqrk/python-component-sukmsc PipelineRun python-component-sukmsc-on-pull-request-g52js found for Component build-e2e-wqrk/python-component-sukmsc PipelineRun python-component-sukmsc-on-pull-request-g52js reason: ResolvingTaskRef PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: PipelineRunStopping PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Failed attempt 2/3: PipelineRun "python-component-sukmsc-on-pull-request-g52js" failed: pod: python-component-sukmsc-on-4d00d73d9f32a7889b3519c6da3e8f90-pod | init container: prepare 2026/05/02 05:52:38 Entrypoint initialization pod: python-component-sukmsc-on-4d00d73d9f32a7889b3519c6da3e8f90-pod | init container: place-scripts 2026/05/02 05:52:39 Decoded script /tekton/scripts/script-1-jqn5n 2026/05/02 05:52:39 Decoded script /tekton/scripts/script-2-v2r5f 2026/05/02 05:52:39 Decoded script /tekton/scripts/script-3-q2wqz 2026/05/02 05:52:39 Decoded script /tekton/scripts/script-4-5jmn7 2026/05/02 05:52:39 Decoded script /tekton/scripts/script-5-v262p pod: python-component-sukmsc-on-4d00d73d9f32a7889b3519c6da3e8f90-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc Executing: oras blob fetch --registry-config /tmp/use-oci.sh.lF2h7i/auth-ucX3Mf.json quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:1be8c6571584be9aeebd552893a68dbc5fc5bf91179437d45cfc9f406a8e597b --output - Restored artifact quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:1be8c6571584be9aeebd552893a68dbc5fc5bf91179437d45cfc9f406a8e597b to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: python-component-sukmsc-on-4d00d73d9f32a7889b3519c6da3e8f90-pod | container step-build: [2026-05-02T05:52:45,310161517+00:00] Validate context path [2026-05-02T05:52:45,313603358+00:00] Update CA trust [2026-05-02T05:52:45,314606115+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-05-02T05:52:49,698074396+00:00] Prepare Dockerfile Checking if /var/workdir/cachi2/output/bom.json exists. Could not find prefetched sbom. No content_sets found for ICM [2026-05-02T05:52:49,757246497+00:00] Prepare system (architecture: x86_64) [2026-05-02T05:52:49,773512560+00:00] Setup prefetched Trying to pull registry.access.redhat.com/ubi9/python-39:1-117.1684741281... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:8a2e9815396eaa57b0dfe27b2dfc442417f06aa70974c358f198980b533c7942 Copying blob sha256:5465449a2ea5d8a7e05fa498c8ba35f0ce7714b0ad37e716961fca17dfa1ef13 Copying blob sha256:085efe85e9dfb0b3d5d2392e4b78660a3091bf1ded336315117a627fbdd0567d Copying blob sha256:a07d808ddf4404b3885fef6100142a973cc667b2c3c4abcf4db96508795b1efb Copying config sha256:45c8f23c11bb64f238236aaf5cbe05595778e1d4fb6c06109c6fcc0a6b57a45b Writing manifest to image destination Storing signatures [2026-05-02T05:53:20,865452106+00:00] Unsetting proxy { "architecture": "x86_64", "build-date": "2026-05-02T05:52:49Z", "com.redhat.component": "python-39-container", "com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI", "description": "Python 3.9 available as container is a base platform for building and running various Python 3.9 applications and frameworks. Python is an easy to learn, powerful programming language. It has efficient high-level data structures and a simple but effective approach to object-oriented programming. Python's elegant syntax and dynamic typing, together with its interpreted nature, make it an ideal language for scripting and rapid application development in many areas on most platforms.", "distribution-scope": "public", "io.buildah.version": "1.42.2", "io.buildpacks.stack.id": "com.redhat.stacks.ubi9-python-39", "io.k8s.description": "Python 3.9 available as container is a base platform for building and running various Python 3.9 applications and frameworks. Python is an easy to learn, powerful programming language. It has efficient high-level data structures and a simple but effective approach to object-oriented programming. Python's elegant syntax and dynamic typing, together with its interpreted nature, make it an ideal language for scripting and rapid application development in many areas on most platforms.", "io.k8s.display-name": "Python 3.9", "io.openshift.expose-services": "8080:http", "io.openshift.s2i.scripts-url": "image:///usr/libexec/s2i", "io.openshift.tags": "builder,python,python39,python-39,rh-python39", "io.s2i.scripts-url": "image:///usr/libexec/s2i", "maintainer": "SoftwareCollections.org <sclorg@redhat.com>", "name": "ubi9/python-39", "release": "117.1684741281", "summary": "Platform for building and running Python 3.9 applications", "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/ubi9/python-39/images/1-117.1684741281", "usage": "s2i build https://github.com/sclorg/s2i-python-container.git --context-dir=3.9/test/setup-test-app/ ubi9/python-39 python-sample-app", "vcs-ref": "8db91b08c42f4543dde16ba8ac772c5a35f83632", "vcs-type": "git", "vendor": "Red Hat, Inc.", "version": "1", "org.opencontainers.image.revision": "8db91b08c42f4543dde16ba8ac772c5a35f83632", "org.opencontainers.image.source": "https://github.com/redhat-appstudio-qe/sample-multi-component", "quay.expires-after": "5d", "org.opencontainers.image.created": "2026-05-02T05:52:49Z" } [2026-05-02T05:53:20,967803990+00:00] Register sub-man Adding the entitlement to the build [2026-05-02T05:53:20,970866796+00:00] Add secrets [2026-05-02T05:53:20,986355232+00:00] Run buildah build [2026-05-02T05:53:20,987614197+00:00] buildah build --volume /tmp/entitlement:/etc/pki/entitlement --security-opt=unmask=/proc/interrupts --label architecture=x86_64 --label vcs-type=git --label vcs-ref=8db91b08c42f4543dde16ba8ac772c5a35f83632 --label org.opencontainers.image.revision=8db91b08c42f4543dde16ba8ac772c5a35f83632 --label org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/sample-multi-component --label quay.expires-after=5d --label build-date=2026-05-02T05:52:49Z --label org.opencontainers.image.created=2026-05-02T05:52:49Z --annotation org.opencontainers.image.revision=8db91b08c42f4543dde16ba8ac772c5a35f83632 --annotation org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/sample-multi-component --annotation org.opencontainers.image.created=2026-05-02T05:52:49Z --tls-verify=true --no-cache --ulimit nofile=4096:4096 --http-proxy=false -f /tmp/Dockerfile.erUxuw -t quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-8db91b08c42f4543dde16ba8ac772c5a35f83632 . STEP 1/10: FROM registry.access.redhat.com/ubi9/python-39:1-117.1684741281 STEP 2/10: EXPOSE 8081/tcp STEP 3/10: ENV FLASK_PORT=8081 STEP 4/10: WORKDIR /projects STEP 5/10: COPY . . STEP 6/10: RUN if [ -f requirements.txt ]; then pip install -r requirements.txt; elif [ `ls -1q *.txt | wc -l` == 1 ]; then pip install -r *.txt; fi Collecting Flask==2.3.3 Downloading flask-2.3.3-py3-none-any.whl (96 kB) Collecting itsdangerous>=2.1.2 Downloading itsdangerous-2.2.0-py3-none-any.whl (16 kB) Collecting Werkzeug>=2.3.7 Downloading werkzeug-3.1.8-py3-none-any.whl (226 kB) Collecting blinker>=1.6.2 Downloading blinker-1.9.0-py3-none-any.whl (8.5 kB) Collecting importlib-metadata>=3.6.0 Downloading importlib_metadata-8.7.1-py3-none-any.whl (27 kB) Collecting click>=8.1.3 Downloading click-8.1.8-py3-none-any.whl (98 kB) Collecting Jinja2>=3.1.2 Downloading jinja2-3.1.6-py3-none-any.whl (134 kB) Collecting zipp>=3.20 Downloading zipp-3.23.1-py3-none-any.whl (10 kB) Collecting MarkupSafe>=2.0 Downloading markupsafe-3.0.3-cp39-cp39-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl (20 kB) Installing collected packages: zipp, MarkupSafe, Werkzeug, Jinja2, itsdangerous, importlib-metadata, click, blinker, Flask Successfully installed Flask-2.3.3 Jinja2-3.1.6 MarkupSafe-3.0.3 Werkzeug-3.1.8 blinker-1.9.0 click-8.1.8 importlib-metadata-8.7.1 itsdangerous-2.2.0 zipp-3.23.1 WARNING: You are using pip version 21.3.1; however, version 26.0.1 is available. You should consider upgrading via the '/opt/app-root/bin/python3.9 -m pip install --upgrade pip' command. STEP 7/10: CMD [ "python", "./app.py" ] STEP 8/10: COPY labels.json /usr/share/buildinfo/labels.json STEP 9/10: COPY labels.json /root/buildinfo/labels.json STEP 10/10: LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="8db91b08c42f4543dde16ba8ac772c5a35f83632" "org.opencontainers.image.revision"="8db91b08c42f4543dde16ba8ac772c5a35f83632" "org.opencontainers.image.source"="https://github.com/redhat-appstudio-qe/sample-multi-component" "quay.expires-after"="5d" "build-date"="2026-05-02T05:52:49Z" "org.opencontainers.image.created"="2026-05-02T05:52:49Z" COMMIT quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-8db91b08c42f4543dde16ba8ac772c5a35f83632 --> 29475068a368 Successfully tagged quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-8db91b08c42f4543dde16ba8ac772c5a35f83632 29475068a36850ec74569e2c524bbdbed02fbe3dcc7814641c4ed3edf6d0c4fb [2026-05-02T05:53:27,336853436+00:00] Unsetting proxy [2026-05-02T05:53:27,338188448+00:00] Add metadata Recording base image digests used registry.access.redhat.com/ubi9/python-39:1-117.1684741281 registry.access.redhat.com/ubi9/python-39:1-117.1684741281@sha256:40a58935b9c22664927b22bf256f53a3d744ddb7316f3af18061099e199526ee Getting image source signatures Copying blob sha256:f2b315ae926318259c6690c0a9c37966a04f31da7632672ee908d09bd1cd9887 Copying blob sha256:bc8a0003b3470be53e5cf295daf38c287d3f20ab90e8f5c2b6f17406b158d323 Copying blob sha256:d661a108c347030c3ef626a0e0020e084fba1e1023193824f5395fa90ef40bde Copying blob sha256:d93d3cc0bc0c5ed9655bcdcf31183ed0b570076c0e6a13e0d7cb907d0b877b00 Copying blob sha256:629980bfa23ec05ce5acc61ed2866ddf8713f40bb2a61f0850395082f1457220 Copying config sha256:29475068a36850ec74569e2c524bbdbed02fbe3dcc7814641c4ed3edf6d0c4fb Writing manifest to image destination [2026-05-02T05:53:59,582127454+00:00] End build pod: python-component-sukmsc-on-4d00d73d9f32a7889b3519c6da3e8f90-pod | container step-push: [2026-05-02T05:53:59,845018994+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-05-02T05:54:21,115361325+00:00] Convert image [2026-05-02T05:54:21,205614784+00:00] Push image with unique tag Pushing to quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:python-component-sukmsc-on-pull-request-g52js-build-container [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-8db91b08c42f4543dde16ba8ac772c5a35f83632 docker://quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:python-component-sukmsc-on-pull-request-g52js-build-container Getting image source signatures Copying blob sha256:f2b315ae926318259c6690c0a9c37966a04f31da7632672ee908d09bd1cd9887 Copying blob sha256:bc8a0003b3470be53e5cf295daf38c287d3f20ab90e8f5c2b6f17406b158d323 Copying blob sha256:d93d3cc0bc0c5ed9655bcdcf31183ed0b570076c0e6a13e0d7cb907d0b877b00 Copying blob sha256:629980bfa23ec05ce5acc61ed2866ddf8713f40bb2a61f0850395082f1457220 Copying blob sha256:d661a108c347030c3ef626a0e0020e084fba1e1023193824f5395fa90ef40bde Copying config sha256:29475068a36850ec74569e2c524bbdbed02fbe3dcc7814641c4ed3edf6d0c4fb Writing manifest to image destination [2026-05-02T05:57:04,907067577+00:00] Push image with git revision Pushing to quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-8db91b08c42f4543dde16ba8ac772c5a35f83632 [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true --digestfile /var/workdir/image-digest quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-8db91b08c42f4543dde16ba8ac772c5a35f83632 docker://quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-8db91b08c42f4543dde16ba8ac772c5a35f83632 Getting image source signatures Copying blob sha256:f2b315ae926318259c6690c0a9c37966a04f31da7632672ee908d09bd1cd9887 Copying blob sha256:bc8a0003b3470be53e5cf295daf38c287d3f20ab90e8f5c2b6f17406b158d323 Copying blob sha256:629980bfa23ec05ce5acc61ed2866ddf8713f40bb2a61f0850395082f1457220 Copying blob sha256:d661a108c347030c3ef626a0e0020e084fba1e1023193824f5395fa90ef40bde Copying blob sha256:d93d3cc0bc0c5ed9655bcdcf31183ed0b570076c0e6a13e0d7cb907d0b877b00 Copying config sha256:29475068a36850ec74569e2c524bbdbed02fbe3dcc7814641c4ed3edf6d0c4fb Writing manifest to image destination sha256:b4bae6cd649fa727918fa00bbf740a7fdd429feb319a7b56f28fed4c5c2b1901quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-8db91b08c42f4543dde16ba8ac772c5a35f83632 [retry] executing: kubectl get configmap cluster-config -n konflux-info -o json Keyless signing is disabled (none of rekorInternalUrl, fulcioInternalUrl, defaultOIDCIssuer, tufInternalUrl are configured in the konflux-info/cluster-config configmap) [2026-05-02T05:57:08,606835009+00:00] End push pod: python-component-sukmsc-on-4d00d73d9f32a7889b3519c6da3e8f90-pod | container step-sbom-syft-generate: [2026-05-02T05:57:09,063329790+00:00] Generate SBOM Running syft on the image Running syft on the source code [0000] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) [2026-05-02T05:58:32,512978304+00:00] End sbom-syft-generate pod: python-component-sukmsc-on-4d00d73d9f32a7889b3519c6da3e8f90-pod | container step-prepare-sboms: [2026-05-02T05:58:32,618867256+00:00] Prepare SBOM [2026-05-02T05:58:32,692874202+00:00] Generate SBOM with mobster Skipping SBOM validation 2026-05-02 05:58:41,896 [INFO] mobster.log: Logging level set to 20 2026-05-02 05:58:45,696 [INFO] mobster.oci: Fetching manifest for registry.access.redhat.com/ubi9/python-39@sha256:40a58935b9c22664927b22bf256f53a3d744ddb7316f3af18061099e199526ee 2026-05-02 05:58:47,696 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for registry.access.redhat.com/ubi9/python-39@sha256:c62e9c0b7ec343ee4b0e0c695a3c8d42d8070e0b9a752079830be0892dc1f89d with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-05-02 05:58:48,336 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for registry.access.redhat.com/ubi9/python-39@sha256:c62e9c0b7ec343ee4b0e0c695a3c8d42d8070e0b9a752079830be0892dc1f89d with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-05-02 05:58:49,652 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for registry.access.redhat.com/ubi9/python-39@sha256:c62e9c0b7ec343ee4b0e0c695a3c8d42d8070e0b9a752079830be0892dc1f89d with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-05-02 05:58:50,233 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for registry.access.redhat.com/ubi9/python-39@sha256:c62e9c0b7ec343ee4b0e0c695a3c8d42d8070e0b9a752079830be0892dc1f89d with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-05-02 05:58:51,569 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for registry.access.redhat.com/ubi9/python-39@sha256:c62e9c0b7ec343ee4b0e0c695a3c8d42d8070e0b9a752079830be0892dc1f89d with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-05-02 05:58:52,156 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for registry.access.redhat.com/ubi9/python-39@sha256:c62e9c0b7ec343ee4b0e0c695a3c8d42d8070e0b9a752079830be0892dc1f89d with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-05-02 05:58:53,469 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for registry.access.redhat.com/ubi9/python-39@sha256:c62e9c0b7ec343ee4b0e0c695a3c8d42d8070e0b9a752079830be0892dc1f89d with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-05-02 05:58:54,034 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for registry.access.redhat.com/ubi9/python-39@sha256:c62e9c0b7ec343ee4b0e0c695a3c8d42d8070e0b9a752079830be0892dc1f89d with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-05-02 05:58:54,035 [INFO] mobster.cmd.generate.oci_image.contextual_sbom.contextualize: Contextual mechanism won't be used, there is no parent image SBOM. 2026-05-02 05:58:54,035 [INFO] mobster.cmd.generate.oci_image: Contextual SBOM workflow finished successfully. 2026-05-02 05:58:54,037 [INFO] mobster.log: Contextual workflow completed in 9.24s 2026-05-02 05:58:55,092 [INFO] mobster.main: Exiting with code 0. [2026-05-02T05:58:56,090634635+00:00] End prepare-sboms pod: python-component-sukmsc-on-4d00d73d9f32a7889b3519c6da3e8f90-pod | container step-upload-sbom: [2026-05-02T05:58:56,181810163+00:00] Upload SBOM INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using token for quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc Pushing sbom to registry [retry] executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-8db91b08c42f4543dde16ba8ac772c5a35f83632@sha256:b4bae6cd649fa727918fa00bbf740a7fdd429feb319a7b56f28fed4c5c2b1901 WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations. WARNING: Attaching SBOMs this way does not sign them. To sign them, use 'cosign attest --predicate sbom.json --key <key path>'. Uploading SBOM file for [quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:b4bae6cd649fa727918fa00bbf740a7fdd429feb319a7b56f28fed4c5c2b1901] to [quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:sha256-b4bae6cd649fa727918fa00bbf740a7fdd429feb319a7b56f28fed4c5c2b1901.sbom] with mediaType [text/spdx+json]. quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:fea996e206ea3628b6dcbd9fccf05cd97d395af3797784d760d24e83a9d8212a [2026-05-02T05:59:20,203347913+00:00] End upload-sbom pod: python-component-sukmsc-on-5d59478b4adaff39dfc472dd85e990e0-pod | init container: prepare 2026/05/02 05:59:39 Entrypoint initialization pod: python-component-sukmsc-on-5d59478b4adaff39dfc472dd85e990e0-pod | init container: place-scripts 2026/05/02 05:59:40 Decoded script /tekton/scripts/script-1-j656c 2026/05/02 05:59:40 Decoded script /tekton/scripts/script-2-q76zc pod: python-component-sukmsc-on-5d59478b4adaff39dfc472dd85e990e0-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc Executing: oras blob fetch --registry-config /tmp/use-oci.sh.sav1vu/auth-jGXazW.json quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:1be8c6571584be9aeebd552893a68dbc5fc5bf91179437d45cfc9f406a8e597b --output - Restored artifact quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:1be8c6571584be9aeebd552893a68dbc5fc5bf91179437d45cfc9f406a8e597b to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: python-component-sukmsc-on-5d59478b4adaff39dfc472dd85e990e0-pod | container step-sast-shell-check: + source /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index + trap 'handle_error /tekton/results/TEST_OUTPUT' EXIT + [[ -z '' ]] + PROJECT_NAME=python-component-sukmsc + echo 'INFO: The PROJECT_NAME used is: python-component-sukmsc' + ca_bundle=/mnt/trusted-ca/ca-bundle.crt + '[' -f /mnt/trusted-ca/ca-bundle.crt ']' + echo 'INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt' + cp -vf /mnt/trusted-ca/ca-bundle.crt /etc/pki/ca-trust/source/anchors INFO: The PROJECT_NAME used is: python-component-sukmsc INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' + update-ca-trust ++ rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}\n' ShellCheck + PACKAGE_VERSION=ShellCheck-0.10.0-3.el9 + OUTPUT_FILE=shellcheck-results.json + SOURCE_CODE_DIR=/var/workdir/source + declare -a ALL_TARGETS + IFS=, + read -ra TARGET_ARRAY + for d in "${TARGET_ARRAY[@]}" + potential_path=/var/workdir/source/. ++ realpath -m /var/workdir/source/. + resolved_path=/var/workdir/source + [[ /var/workdir/source == \/\v\a\r\/\w\o\r\k\d\i\r\/\s\o\u\r\c\e* ]] + ALL_TARGETS+=("$resolved_path") + '[' -z '' ']' + '[' -r /sys/fs/cgroup/cpu.max ']' + read -r quota period + '[' 12800 '!=' max ']' + '[' -n 100000 ']' + '[' 100000 -gt 0 ']' + export SC_JOBS=1 + SC_JOBS=1 + echo 'INFO: Setting SC_JOBS=1 based on cgroups v2 max for run-shellcheck.sh' + /usr/share/csmock/scripts/run-shellcheck.sh /var/workdir/source INFO: Setting SC_JOBS=1 based on cgroups v2 max for run-shellcheck.sh Looking for shell scripts................ done + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/applypatch-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/post-update.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/prepare-commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-applypatch.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-merge-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-push.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-rebase.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-receive.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/push-to-checkout.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/sendemail-validate.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/update.sample + CSGREP_OPTS=(--mode=json --strip-path-prefix="$SOURCE_CODE_DIR"/ --remove-duplicates --embed-context=3 --set-scan-prop="ShellCheck:${PACKAGE_VERSION}") + [[ true == \t\r\u\e ]] + CSGREP_EVENT_FILTER='\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|' + CSGREP_EVENT_FILTER+='2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|' + CSGREP_EVENT_FILTER+='2218|2224|2225|2242|2256|2258|2261)\]$' + CSGREP_OPTS+=(--event="$CSGREP_EVENT_FILTER") + csgrep --mode=json --strip-path-prefix=/var/workdir/source/ --remove-duplicates --embed-context=3 --set-scan-prop=ShellCheck:ShellCheck-0.10.0-3.el9 '--event=\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|2218|2224|2225|2242|2256|2258|2261)\]$' ./shellcheck-results/empty.json ./shellcheck-results/sc-104.json ./shellcheck-results/sc-110.json ./shellcheck-results/sc-116.json ./shellcheck-results/sc-122.json ./shellcheck-results/sc-128.json ./shellcheck-results/sc-134.json ./shellcheck-results/sc-140.json ./shellcheck-results/sc-151.json ./shellcheck-results/sc-82.json ./shellcheck-results/sc-98.json + [[ SITE_DEFAULT == \S\I\T\E\_\D\E\F\A\U\L\T ]] + KFP_GIT_URL=https://gitlab.cee.redhat.com/osh/known-false-positives.git + PROBE_URL=https://gitlab.cee.redhat.com/osh/known-false-positives + KFP_DIR=known-false-positives + KFP_CLONED=0 + mkdir known-false-positives + [[ -n https://gitlab.cee.redhat.com/osh/known-false-positives.git ]] + echo -n 'INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... ' + curl --fail --head --max-time 60 --no-progress-meter https://gitlab.cee.redhat.com/osh/known-false-positives ++ head -1 curl: (6) Could not resolve host: gitlab.cee.redhat.com + [[ 0 -eq 0 ]] + echo 'WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered' INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered ShellCheck results have been saved to shellcheck-results.json + echo 'ShellCheck results have been saved to shellcheck-results.json' + csgrep --mode=evtstat shellcheck-results.json + csgrep --mode=sarif shellcheck-results.json + TEST_OUTPUT= + parse_test_output sast-shell-check-oci-ta-min sarif shellcheck-results.sarif + TEST_NAME=sast-shell-check-oci-ta-min + TEST_RESULT_FORMAT=sarif + TEST_RESULT_FILE=shellcheck-results.sarif + '[' -z sast-shell-check-oci-ta-min ']' + '[' -z sarif ']' + '[' -z shellcheck-results.sarif ']' + '[' '!' -f shellcheck-results.sarif ']' + '[' sarif = sarif ']' +++ jq -rce '(if (.runs[].results | length > 0) then "FAILURE" else "SUCCESS" end)' shellcheck-results.sarif +++ jq -rce '(.runs[].results | length)' shellcheck-results.sarif ++ make_result_json -r SUCCESS -f 0 ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ FAILURES=0 ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2026-05-02T05:59:51+00:00 --arg result SUCCESS --arg note 'For details, check Tekton task log.' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2026-05-02T05:59:51+00:00","note":"For details, check Tekton task log.","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-05-02T05:59:51+00:00","note":"For details, check Tekton task log.","namespace":"default","successes":0,"failures":0,"warnings":0}' + TEST_OUTPUT='{"result":"SUCCESS","timestamp":"2026-05-02T05:59:51+00:00","note":"For details, check Tekton task log.","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ jq .failures ++ echo '{"result":"SUCCESS","timestamp":"2026-05-02T05:59:51+00:00","note":"For details, check Tekton task log.","namespace":"default","successes":0,"failures":0,"warnings":0}' + '[' 0 -gt 0 ']' + echo '{"result":"SUCCESS","timestamp":"2026-05-02T05:59:51+00:00","note":"For details, check Tekton task log.","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT {"result":"SUCCESS","timestamp":"2026-05-02T05:59:51+00:00","note":"For details, check Tekton task log.","namespace":"default","successes":0,"failures":0,"warnings":0} + handle_error /tekton/results/TEST_OUTPUT + exit_code=0 + '[' 0 -ne 0 ']' + exit 0 pod: python-component-sukmsc-on-5d59478b4adaff39dfc472dd85e990e0-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc Attaching to quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-8db91b08c42f4543dde16ba8ac772c5a35f83632 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/sarif+json quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-8db91b08c42f4543dde16ba8ac772c5a35f83632@sha256:b4bae6cd649fa727918fa00bbf740a7fdd429feb319a7b56f28fed4c5c2b1901 shellcheck-results.sarif:application/sarif+json Preparing shellcheck-results.sarif Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploading da808faebf6f shellcheck-results.sarif Uploaded da808faebf6f shellcheck-results.sarif Uploading f94ede8a8b8e application/vnd.oci.image.manifest.v1+json Uploaded f94ede8a8b8e application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-8db91b08c42f4543dde16ba8ac772c5a35f83632@sha256:b4bae6cd649fa727918fa00bbf740a7fdd429feb319a7b56f28fed4c5c2b1901 Digest: sha256:f94ede8a8b8e6ce081151482edf3250cbcad4225e23f88c6a07377212ada14ec No excluded-findings.json exists. Skipping upload. pod: python-component-sukmsc-on-94ac859697020ff4181a1de79af46382-pod | init container: prepare 2026/05/02 05:59:21 Entrypoint initialization pod: python-component-sukmsc-on-94ac859697020ff4181a1de79af46382-pod | init container: place-scripts 2026/05/02 05:59:22 Decoded script /tekton/scripts/script-0-nb62r 2026/05/02 05:59:22 Decoded script /tekton/scripts/script-1-z9b7q 2026/05/02 05:59:22 Decoded script /tekton/scripts/script-2-zxhm6 pod: python-component-sukmsc-on-94ac859697020ff4181a1de79af46382-pod | container step-build: [2026-05-02T05:59:25,287927133+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Running konflux-build-cli time="2026-05-02T05:59:27Z" level=info msg="[param] image: quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-8db91b08c42f4543dde16ba8ac772c5a35f83632" time="2026-05-02T05:59:27Z" level=info msg="[param] images: [quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-8db91b08c42f4543dde16ba8ac772c5a35f83632@sha256:b4bae6cd649fa727918fa00bbf740a7fdd429feb319a7b56f28fed4c5c2b1901]" time="2026-05-02T05:59:27Z" level=info msg="[param] buildah-format: docker" time="2026-05-02T05:59:27Z" level=info msg="[param] always-build-index: false" time="2026-05-02T05:59:27Z" level=info msg="[param] additional-tags: [python-component-sukmsc-on-pull-request-g52js-build-image-index]" time="2026-05-02T05:59:27Z" level=info msg="[param] output-manifest-path: /index-build-data/manifest_data.json" time="2026-05-02T05:59:27Z" level=info msg="[param] result-path-image-digest: /tekton/results/IMAGE_DIGEST" time="2026-05-02T05:59:27Z" level=info msg="[param] result-path-image-url: /tekton/results/IMAGE_URL" time="2026-05-02T05:59:27Z" level=info msg="[param] result-path-image-ref: /tekton/results/IMAGE_REF" time="2026-05-02T05:59:27Z" level=info msg="[param] result-path-images: /tekton/results/IMAGES" time="2026-05-02T05:59:27Z" level=info msg="Creating manifest list: quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-8db91b08c42f4543dde16ba8ac772c5a35f83632" time="2026-05-02T05:59:27Z" level=info msg="buildah [stdout] b165cdbd5841549a9d616c2cb9c8f17bc5088da3472d2e350f6908037cf0f671" logger=CliExecutor time="2026-05-02T05:59:27Z" level=info msg="Skipping image index generation. Returning results for single image." {"image_digest":"sha256:b4bae6cd649fa727918fa00bbf740a7fdd429feb319a7b56f28fed4c5c2b1901","image_url":"quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-8db91b08c42f4543dde16ba8ac772c5a35f83632","image_ref":"quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:b4bae6cd649fa727918fa00bbf740a7fdd429feb319a7b56f28fed4c5c2b1901","images":"quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:b4bae6cd649fa727918fa00bbf740a7fdd429feb319a7b56f28fed4c5c2b1901"} pod: python-component-sukmsc-on-94ac859697020ff4181a1de79af46382-pod | container step-create-sbom: The manifest_data.json file does not exist. Skipping the SBOM creation... pod: python-component-sukmsc-on-94ac859697020ff4181a1de79af46382-pod | container step-upload-sbom: [2026-05-02T05:59:28,533867496+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' The index.spdx.json file does not exists. Skipping the SBOM upload... pod: python-component-sukmsc-on-bb34c14ac77aa05141258312a302cdfb-pod | init container: prepare 2026/05/02 05:51:53 Entrypoint initialization pod: python-component-sukmsc-on-bb34c14ac77aa05141258312a302cdfb-pod | init container: place-scripts 2026/05/02 05:51:53 Decoded script /tekton/scripts/script-0-dgv45 2026/05/02 05:51:53 Decoded script /tekton/scripts/script-1-c4llc pod: python-component-sukmsc-on-bb34c14ac77aa05141258312a302cdfb-pod | container step-clone: INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt {"level":"info","ts":1777701115.8954604,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1777701116.3408427,"caller":"git/git.go:223","msg":"Successfully cloned https://github.com/redhat-appstudio-qe/sample-multi-component @ 8db91b08c42f4543dde16ba8ac772c5a35f83632 (grafted, HEAD) in path /var/workdir/source"} {"level":"info","ts":1777701116.340888,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1777701116.3651013,"caller":"git/git.go:277","msg":"Successfully initialized and updated submodules in path /var/workdir/source"} Merge option disabled. Using checked-out revision 8db91b08c42f4543dde16ba8ac772c5a35f83632 directly. pod: python-component-sukmsc-on-bb34c14ac77aa05141258312a302cdfb-pod | container step-symlink-check: Running symlink check pod: python-component-sukmsc-on-bb34c14ac77aa05141258312a302cdfb-pod | container step-create-trusted-artifact: Prepared artifact from /var/workdir/source (sha256:1be8c6571584be9aeebd552893a68dbc5fc5bf91179437d45cfc9f406a8e597b) Using token for quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc Executing: oras push --annotation=quay.expires-after=5d --registry-config /tmp/create-oci.sh.QZcEwi/auth-021OzT.json quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-8db91b08c42f4543dde16ba8ac772c5a35f83632.git SOURCE_ARTIFACT Uploading 1be8c6571584 SOURCE_ARTIFACT Uploaded 1be8c6571584 SOURCE_ARTIFACT Pushed [registry] quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-8db91b08c42f4543dde16ba8ac772c5a35f83632.git ArtifactType: application/vnd.unknown.artifact.v1 Digest: sha256:504da778335f1f8bfdcb4854026c24de604ea3236045198f01a44aa158e400a9 Artifacts created pod: python-component-sukmsc-on-pull-request-g52js-clamav-scan-pod | init container: prepare 2026/05/02 05:59:32 Entrypoint initialization pod: python-component-sukmsc-on-pull-request-g52js-clamav-scan-pod | init container: place-scripts 2026/05/02 05:59:39 Decoded script /tekton/scripts/script-0-ccthk 2026/05/02 05:59:39 Decoded script /tekton/scripts/script-1-7979g pod: python-component-sukmsc-on-pull-request-g52js-clamav-scan-pod | container step-extract-and-scan-image: Starting clamd ... clamd is ready! Detecting artifact type for quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:b4bae6cd649fa727918fa00bbf740a7fdd429feb319a7b56f28fed4c5c2b1901. Detected container image. Processing image manifests. Running "oc image extract" on image of arch amd64 error: unable to extract layer sha256:061494b16a3e082ac22c3159029d7399a8b153778d0435e438bfdcc22f203bc8 from quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:b4bae6cd649fa727918fa00bbf740a7fdd429feb319a7b56f28fed4c5c2b1901: unexpected EOF info: Retrying again in 5 seconds... error: directory /work/content/content-amd64 must be empty, pass --confirm to overwrite contents of directory info: Retrying again in 5 seconds... error: directory /work/content/content-amd64 must be empty, pass --confirm to overwrite contents of directory info: Retrying again in 5 seconds... error: directory /work/content/content-amd64 must be empty, pass --confirm to overwrite contents of directory {"result":"ERROR","timestamp":"2026-05-02T06:00:25+00:00","note":"Unexpected error: Script errored at command: return \"${status}\".","namespace":"default","successes":0,"failures":0,"warnings":0} pod: python-component-sukmsc-on-pull-request-g52js-clamav-scan-pod | container step-upload: No files found. Skipping upload. pod: python-component-sukmsc-on-pull-request-g52js-init-pod | init container: prepare 2026/05/02 05:51:48 Entrypoint initialization pod: python-component-sukmsc-on-pull-request-g52js-init-pod | container step-init: time="2026-05-02T05:51:50Z" level=info msg="[param] enable: false" time="2026-05-02T05:51:50Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-05-02T05:51:50Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-05-02T05:51:50Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-05-02T05:51:50Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-05-02T05:51:50Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-05-02T05:51:50Z" level=info msg="Cache proxy is disabled via param" time="2026-05-02T05:51:50Z" level=info msg="[result] HTTP PROXY: " time="2026-05-02T05:51:50Z" level=info msg="[result] NO PROXY: " pod: python-component-sukmsc-on-pull-request-g52js-tpa-scan-pod | init container: prepare 2026/05/02 05:59:47 Entrypoint initialization pod: python-component-sukmsc-on-pull-request-g52js-tpa-scan-pod | init container: place-scripts 2026/05/02 05:59:48 Decoded script /tekton/scripts/script-0-9gzc2 2026/05/02 05:59:48 Decoded script /tekton/scripts/script-1-brlpt 2026/05/02 05:59:48 Decoded script /tekton/scripts/script-2-q975v pod: python-component-sukmsc-on-pull-request-g52js-tpa-scan-pod | container step-get-vulnerabilities: Inspecting raw image manifest quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:b4bae6cd649fa727918fa00bbf740a7fdd429feb319a7b56f28fed4c5c2b1901. Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations. WARNING: Downloading SBOMs this way does not ensure its authenticity. If you want to ensure a tamper-proof SBOM, download it using 'cosign download attestation <image uri>'. Found SBOM of media type: text/spdx+json Running TPA scan on amd64 image manifest... % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed { "scanned" : { "total" : 787, "direct" : 363, "transitive" : 424 }, "providers" : { "rhtpa" : { "status" : { "ok" : true, "name" : "rhtpa", "code" : 200, "message" : "OK", "warnings" : { } }, "sources" : { "osv-github" : { "summary" : { "direct" : 24, "transitive" : 6, "total" : 30, "dependencies" : 15, "critical" : 0, "high" : 13, "medium" : 14, "low" : 3, "remediations" : 0, "recommendations" : 0, "unscanned" : 0 }, "dependencies" : [ { "ref" : "pkg:pypi/setuptools@53.0.0", "issues" : [ { "id" : "CVE-2024-6345", "source" : "osv-github", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2022-40897", "source" : "osv-github", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-40897" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:pypi/pip@21.3.1", "issues" : [ { "id" : "CVE-2023-5752", "source" : "osv-github", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5752" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-5752", "source" : "osv-github", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5752" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "osv-github", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:npm/tar@6.1.11", "issues" : [ { "id" : "CVE-2026-23950", "source" : "osv-github", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2026-23950" ], "unique" : false }, { "id" : "CVE-2026-24842", "source" : "osv-github", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2026-24842" ], "unique" : false }, { "id" : "CVE-2026-26960", "source" : "osv-github", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-26960" ], "unique" : false }, { "id" : "CVE-2024-28863", "title" : "node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation", "source" : "osv-github", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28863" ], "unique" : false } ], "transitive" : [ ], "highestVulnerability" : { "id" : "CVE-2026-23950", "source" : "osv-github", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2026-23950" ], "unique" : false } }, { "ref" : "pkg:npm/ip@2.0.0", "issues" : [ { "id" : "CVE-2024-29415", "title" : "The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.", "source" : "osv-github", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-29415" ], "unique" : false } ], "transitive" : [ ], "highestVulnerability" : { "id" : "CVE-2024-29415", "title" : "The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.", "source" : "osv-github", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-29415" ], "unique" : false } }, { "ref" : "pkg:npm/minimatch@5.1.0", "issues" : [ { "id" : "CVE-2026-27903", "source" : "osv-github", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27903" ], "unique" : false }, { "id" : "CVE-2026-27904", "source" : "osv-github", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27904" ], "unique" : false } ], "transitive" : [ ], "highestVulnerability" : { "id" : "CVE-2026-27903", "source" : "osv-github", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27903" ], "unique" : false } }, { "ref" : "pkg:pypi/requests@2.25.1", "issues" : [ { "id" : "CVE-2023-32681", "title" : "Unintended leak of Proxy-Authorization header in requests", "source" : "osv-github", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32681" ], "unique" : false }, { "id" : "CVE-2024-35195", "title" : "Requests `Session` object does not verify requests after making first request with verify=False", "source" : "osv-github", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35195" ], "unique" : false }, { "id" : "CVE-2024-47081", "title" : "Requests vulnerable to .netrc credentials leak via malicious URLs", "source" : "osv-github", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-47081" ], "unique" : false }, { "id" : "CVE-2026-25645", "title" : "Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function", "source" : "osv-github", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-25645" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:pypi/urllib3@1.26.5", "issues" : [ { "id" : "CVE-2026-21441", "source" : "osv-github", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-21441" ], "unique" : false }, { "id" : "CVE-2023-43804", "source" : "osv-github", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43804" ], "unique" : false }, { "id" : "CVE-2025-50181", "source" : "osv-github", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-50181" ], "unique" : false }, { "id" : "CVE-2024-37891", "source" : "osv-github", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37891" ], "unique" : false }, { "id" : "CVE-2023-45803", "source" : "osv-github", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-45803" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-21441", "source" : "osv-github", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-21441" ], "unique" : false } }, { "ref" : "pkg:pypi/idna@2.10", "issues" : [ { "id" : "CVE-2024-3651", "source" : "osv-github", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-3651" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3651", "source" : "osv-github", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-3651" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2026-21441", "source" : "osv-github", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-21441" ], "unique" : false } }, { "ref" : "pkg:npm/semver@7.3.7", "issues" : [ { "id" : "CVE-2022-25883", "title" : "Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.\r\r\r", "source" : "osv-github", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-25883" ], "unique" : false } ], "transitive" : [ ], "highestVulnerability" : { "id" : "CVE-2022-25883", "title" : "Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.\r\r\r", "source" : "osv-github", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-25883" ], "unique" : false } }, { "ref" : "pkg:npm/minimatch@3.1.2", "issues" : [ { "id" : "CVE-2026-27903", "source" : "osv-github", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27903" ], "unique" : false }, { "id" : "CVE-2026-27904", "source" : "osv-github", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27904" ], "unique" : false } ], "transitive" : [ ], "highestVulnerability" : { "id" : "CVE-2026-27903", "source" : "osv-github", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27903" ], "unique" : false } }, { "ref" : "pkg:npm/npm@8.19.3", "issues" : [ { "id" : "CVE-2026-0775", "source" : "osv-github", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2026-0775" ], "unique" : false } ], "transitive" : [ ], "highestVulnerability" : { "id" : "CVE-2026-0775", "source" : "osv-github", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2026-0775" ], "unique" : false } }, { "ref" : "pkg:npm/brace-expansion@1.1.11", "issues" : [ { "id" : "CVE-2026-33750", "title" : "brace-expansion: Zero-step sequence causes process hang and memory exhaustion", "source" : "osv-github", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-33750" ], "unique" : false }, { "id" : "CVE-2025-5889", "title" : "juliangruber brace-expansion index.js expand redos", "source" : "osv-github", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2025-5889" ], "unique" : false } ], "transitive" : [ ], "highestVulnerability" : { "id" : "CVE-2026-33750", "title" : "brace-expansion: Zero-step sequence causes process hang and memory exhaustion", "source" : "osv-github", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-33750" ], "unique" : false } }, { "ref" : "pkg:npm/brace-expansion@2.0.1", "issues" : [ { "id" : "CVE-2026-33750", "title" : "brace-expansion: Zero-step sequence causes process hang and memory exhaustion", "source" : "osv-github", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-33750" ], "unique" : false }, { "id" : "CVE-2025-5889", "title" : "juliangruber brace-expansion index.js expand redos", "source" : "osv-github", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2025-5889" ], "unique" : false } ], "transitive" : [ ], "highestVulnerability" : { "id" : "CVE-2026-33750", "title" : "brace-expansion: Zero-step sequence causes process hang and memory exhaustion", "source" : "osv-github", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-33750" ], "unique" : false } }, { "ref" : "pkg:pypi/idna@2.10", "issues" : [ { "id" : "CVE-2024-3651", "source" : "osv-github", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-3651" ], "unique" : false } ], "transitive" : [ ], "highestVulnerability" : { "id" : "CVE-2024-3651", "source" : "osv-github", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-3651" ], "unique" : false } }, { "ref" : "pkg:pypi/pip@21.2.3", "issues" : [ { "id" : "CVE-2023-5752", "source" : "osv-github", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5752" ], "unique" : false } ], "transitive" : [ ], "highestVulnerability" : { "id" : "CVE-2023-5752", "source" : "osv-github", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5752" ], "unique" : false } }, { "ref" : "pkg:npm/%40tootallnate/once@2.0.0", "issues" : [ { "id" : "CVE-2026-3449", "source" : "osv-github", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-3449" ], "unique" : false } ], "transitive" : [ ], "highestVulnerability" : { "id" : "CVE-2026-3449", "source" : "osv-github", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-3449" ], "unique" : false } } ] }, "redhat-csaf" : { "summary" : { "direct" : 582, "transitive" : 1173, "total" : 1755, "dependencies" : 209, "critical" : 53, "high" : 717, "medium" : 855, "low" : 130, "remediations" : 0, "recommendations" : 0, "unscanned" : 0 }, "dependencies" : [ { "ref" : "pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-devel@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/kernel-headers@5.14.0-284.11.1.el9_2?arch=x86_64&distro=rhel-9.2&upstream=kernel-5.14.0-284.11.1.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-44466", "title" : "An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-44466" ], "unique" : false }, { "id" : "CVE-2024-5154", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-5154" ], "unique" : false }, { "id" : "CVE-2025-21927", "title" : "nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()", "source" : "redhat-csaf", "cvssScore" : 8.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21927" ], "unique" : false }, { "id" : "CVE-2023-1652", "title" : "A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. This issue could allow a local attacker to crash the system or it may lead to a kernel information leak problem.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-1652" ], "unique" : false }, { "id" : "CVE-2023-52922", "title" : "can: bcm: Fix UAF in bcm_proc_show()", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-52922" ], "unique" : false }, { "id" : "CVE-2024-36971", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2024-36971" ], "unique" : false }, { "id" : "CVE-2025-21756", "title" : "vsock: Keep the binding until socket destruction", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-21756" ], "unique" : false }, { "id" : "CVE-2025-22020", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-22020" ], "unique" : false }, { "id" : "CVE-2025-38052", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-38052" ], "unique" : false }, { "id" : "CVE-2025-38087", "title" : "net/sched: fix use-after-free in taprio_dev_notifier", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-38087" ], "unique" : false }, { "id" : "CVE-2022-41723", "title" : "Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-41723" ], "unique" : false }, { "id" : "CVE-2025-38471", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-38471" ], "unique" : false }, { "id" : "CVE-2024-42284", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-42284" ], "unique" : false }, { "id" : "CVE-2024-53104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-53104" ], "unique" : false }, { "id" : "CVE-2025-37750", "title" : "smb: client: fix UAF in decryption with multichannel", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-37750" ], "unique" : false }, { "id" : "CVE-2025-38250", "title" : "Bluetooth: hci_core: Fix use-after-free in vhci_flush()", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-38250" ], "unique" : false }, { "id" : "CVE-2022-49846", "title" : "udf: Fix a slab-out-of-bounds write bug in udf_find_entry()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2022-49846" ], "unique" : false }, { "id" : "CVE-2023-52933", "title" : "Squashfs: fix handling and sanity checking of xattr_ids count", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-52933" ], "unique" : false }, { "id" : "CVE-2023-53751", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-53751" ], "unique" : false }, { "id" : "CVE-2023-6606", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-6606" ], "unique" : false }, { "id" : "CVE-2023-6610", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-6610" ], "unique" : false }, { "id" : "CVE-2024-35937", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2024-35937" ], "unique" : false }, { "id" : "CVE-2024-38538", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2024-38538" ], "unique" : false }, { "id" : "CVE-2024-53150", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2024-53150" ], "unique" : false }, { "id" : "CVE-2024-57947", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2024-57947" ], "unique" : false }, { "id" : "CVE-2025-21887", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21887" ], "unique" : false }, { "id" : "CVE-2025-21893", "title" : "keys: Fix UAF in key_put()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21893" ], "unique" : false }, { "id" : "CVE-2025-21920", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21920" ], "unique" : false }, { "id" : "CVE-2025-21969", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21969" ], "unique" : false }, { "id" : "CVE-2025-21979", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21979" ], "unique" : false }, { "id" : "CVE-2025-21993", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21993" ], "unique" : false }, { "id" : "CVE-2025-21997", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21997" ], "unique" : false }, { "id" : "CVE-2025-22026", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-22026" ], "unique" : false }, { "id" : "CVE-2025-22055", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-22055" ], "unique" : false }, { "id" : "CVE-2025-22058", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-22058" ], "unique" : false }, { "id" : "CVE-2025-22104", "title" : "ibmvnic: Use kernel helpers for hex dumps", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-22104" ], "unique" : false }, { "id" : "CVE-2025-22113", "title" : "ext4: avoid journaling sb update on error if journal is destroying", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-22113" ], "unique" : false }, { "id" : "CVE-2025-22121", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-22121" ], "unique" : false }, { "id" : "CVE-2025-37738", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-37738" ], "unique" : false }, { "id" : "CVE-2025-37799", "title" : "vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-37799" ], "unique" : false }, { "id" : "CVE-2025-38264", "title" : "nvme-tcp: sanitize request list handling", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-38264" ], "unique" : false }, { "id" : "CVE-2022-49977", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-49977" ], "unique" : false }, { "id" : "CVE-2022-50066", "title" : "net: atlantic: fix aq_vec index out of range error", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-50066" ], "unique" : false }, { "id" : "CVE-2023-53047", "title" : "tee: amdtee: fix race condition in amdtee_open_session", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-53047" ], "unique" : false }, { "id" : "CVE-2023-53107", "title" : "veth: Fix use after free in XDP_REDIRECT", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-53107" ], "unique" : false }, { "id" : "CVE-2023-6932", "title" : "Use-after-free in Linux kernel's ipv4: igmp component", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-6932" ], "unique" : false }, { "id" : "CVE-2024-0646", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-0646" ], "unique" : false }, { "id" : "CVE-2024-46858", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-46858" ], "unique" : false }, { "id" : "CVE-2024-50154", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-50154" ], "unique" : false }, { "id" : "CVE-2024-53141", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-53141" ], "unique" : false }, { "id" : "CVE-2025-21727", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21727" ], "unique" : false }, { "id" : "CVE-2025-21764", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21764" ], "unique" : false }, { "id" : "CVE-2025-21867", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21867" ], "unique" : false }, { "id" : "CVE-2025-21919", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21919" ], "unique" : false }, { "id" : "CVE-2025-21926", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21926" ], "unique" : false }, { "id" : "CVE-2025-21966", "title" : "dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21966" ], "unique" : false }, { "id" : "CVE-2025-22004", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-22004" ], "unique" : false }, { "id" : "CVE-2025-22126", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-22126" ], "unique" : false }, { "id" : "CVE-2025-37797", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-37797" ], "unique" : false }, { "id" : "CVE-2025-37803", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-37803" ], "unique" : false }, { "id" : "CVE-2025-37890", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-37890" ], "unique" : false }, { "id" : "CVE-2025-37914", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-37914" ], "unique" : false }, { "id" : "CVE-2025-37943", "title" : "wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-37943" ], "unique" : false }, { "id" : "CVE-2025-38079", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-38079" ], "unique" : false }, { "id" : "CVE-2025-38086", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-38086" ], "unique" : false }, { "id" : "CVE-2025-38124", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-38124" ], "unique" : false }, { "id" : "CVE-2025-38177", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-38177" ], "unique" : false }, { "id" : "CVE-2025-38200", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-38200" ], "unique" : false }, { "id" : "CVE-2025-38332", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-38332" ], "unique" : false }, { "id" : "CVE-2022-50616", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-50616" ], "unique" : false }, { "id" : "CVE-2024-56614", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-56614" ], "unique" : false }, { "id" : "CVE-2024-56615", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-56615" ], "unique" : false }, { "id" : "CVE-2025-21883", "title" : "ice: Fix deinitializing VF in error path", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21883" ], "unique" : false }, { "id" : "CVE-2025-21928", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21928" ], "unique" : false }, { "id" : "CVE-2025-21929", "title" : "HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21929" ], "unique" : false }, { "id" : "CVE-2025-21991", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21991" ], "unique" : false }, { "id" : "CVE-2025-22085", "title" : "RDMA/core: Fix use-after-free when rename device name", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-22085" ], "unique" : false }, { "id" : "CVE-2021-47383", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2021-47383" ], "unique" : false }, { "id" : "CVE-2025-21759", "title" : "ipv6: mcast: extend RCU protection in igmp6_send()", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21759" ], "unique" : false }, { "id" : "CVE-2023-28746", "title" : "Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28746" ], "unique" : false }, { "id" : "CVE-2023-6356", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6356" ], "unique" : false }, { "id" : "CVE-2023-6535", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6535" ], "unique" : false }, { "id" : "CVE-2023-6536", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6536" ], "unique" : false }, { "id" : "CVE-2024-21823", "title" : "Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable escalation of privilege local access", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-21823" ], "unique" : false }, { "id" : "CVE-2025-21999", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21999" ], "unique" : false }, { "id" : "CVE-2025-38350", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-38350" ], "unique" : false }, { "id" : "CVE-2024-46695", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-46695" ], "unique" : false }, { "id" : "CVE-2024-50275", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50275" ], "unique" : false }, { "id" : "CVE-2024-42292", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2024-42292" ], "unique" : false }, { "id" : "CVE-2024-50302", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50302" ], "unique" : false }, { "id" : "CVE-2022-49395", "title" : "um: Fix out-of-bounds read in LDT setup", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49395" ], "unique" : false }, { "id" : "CVE-2023-5090", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5090" ], "unique" : false }, { "id" : "CVE-2024-26664", "title" : "hwmon: (coretemp) Fix out-of-bounds memory access", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26664" ], "unique" : false }, { "id" : "CVE-2024-50264", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50264" ], "unique" : false }, { "id" : "CVE-2025-38110", "title" : "net/mdiobus: Fix potential out-of-bounds clause 45 read/write access", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-38110" ], "unique" : false }, { "id" : "CVE-2024-53122", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-53122" ], "unique" : false }, { "id" : "CVE-2024-53197", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-53197" ], "unique" : false }, { "id" : "CVE-2024-36941", "title" : "wifi: nl80211: don't free NULL coalescing rule", "source" : "redhat-csaf", "cvssScore" : 5.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-36941" ], "unique" : false }, { "id" : "CVE-2024-38627", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38627" ], "unique" : false }, { "id" : "CVE-2022-50042", "title" : "net: genl: fix error path memory leak in policy dumping", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-50042" ], "unique" : false }, { "id" : "CVE-2023-1074", "title" : "A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1074" ], "unique" : false }, { "id" : "CVE-2023-45862", "title" : "An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-45862" ], "unique" : false }, { "id" : "CVE-2023-52490", "title" : "mm: migrate: fix getting incorrect page mapping during page migration", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-52490" ], "unique" : false }, { "id" : "CVE-2023-52658", "title" : "Revert \"net/mlx5: Block entering switchdev mode with ns inconsistency\"", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-52658" ], "unique" : false }, { "id" : "CVE-2023-53597", "title" : "cifs: fix mid leak during reconnection after timeout threshold", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-53597" ], "unique" : false }, { "id" : "CVE-2023-53704", "title" : "clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe()", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-53704" ], "unique" : false }, { "id" : "CVE-2023-54004", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-54004" ], "unique" : false }, { "id" : "CVE-2023-54093", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-54093" ], "unique" : false }, { "id" : "CVE-2023-54271", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-54271" ], "unique" : false }, { "id" : "CVE-2023-7192", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7192" ], "unique" : false }, { "id" : "CVE-2024-0443", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0443" ], "unique" : false }, { "id" : "CVE-2024-26615", "title" : "net/smc: fix illegal rmb_desc access in SMC-D connection dump", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26615" ], "unique" : false }, { "id" : "CVE-2024-26878", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26878" ], "unique" : false }, { "id" : "CVE-2024-27046", "title" : "nfp: flower: handle acti_netdevs allocation failure", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-27046" ], "unique" : false }, { "id" : "CVE-2024-27052", "title" : "wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-27052" ], "unique" : false }, { "id" : "CVE-2024-35789", "title" : "wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35789" ], "unique" : false }, { "id" : "CVE-2024-35852", "title" : "mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35852" ], "unique" : false }, { "id" : "CVE-2024-35890", "title" : "gro: fix ownership transfer", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35890" ], "unique" : false }, { "id" : "CVE-2024-35907", "title" : "mlxbf_gige: call request_irq() after NAPI initialized", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35907" ], "unique" : false }, { "id" : "CVE-2024-35952", "title" : "drm/ast: Fix soft lockup", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35952" ], "unique" : false }, { "id" : "CVE-2024-35989", "title" : "dmaengine: idxd: Fix oops during rmmod on single-CPU platforms", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35989" ], "unique" : false }, { "id" : "CVE-2024-39483", "title" : "KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-39483" ], "unique" : false }, { "id" : "CVE-2024-40959", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-40959" ], "unique" : false }, { "id" : "CVE-2024-41035", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-41035" ], "unique" : false }, { "id" : "CVE-2024-41064", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-41064" ], "unique" : false }, { "id" : "CVE-2024-42079", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-42079" ], "unique" : false }, { "id" : "CVE-2024-42272", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-42272" ], "unique" : false }, { "id" : "CVE-2024-42283", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-42283" ], "unique" : false }, { "id" : "CVE-2024-42322", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-42322" ], "unique" : false }, { "id" : "CVE-2024-43854", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-43854" ], "unique" : false }, { "id" : "CVE-2024-44990", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-44990" ], "unique" : false }, { "id" : "CVE-2024-44994", "title" : "iommu: Restore lost return in iommu_report_device_fault()", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-44994" ], "unique" : false }, { "id" : "CVE-2024-45018", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45018" ], "unique" : false }, { "id" : "CVE-2024-46713", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-46713" ], "unique" : false }, { "id" : "CVE-2024-46824", "title" : "iommufd: Require drivers to supply the cache_invalidate_user ops", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-46824" ], "unique" : false }, { "id" : "CVE-2024-49949", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-49949" ], "unique" : false }, { "id" : "CVE-2024-50208", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50208" ], "unique" : false }, { "id" : "CVE-2024-50251", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50251" ], "unique" : false }, { "id" : "CVE-2024-50252", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50252" ], "unique" : false }, { "id" : "CVE-2024-53113", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-53113" ], "unique" : false }, { "id" : "CVE-2025-21669", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21669" ], "unique" : false }, { "id" : "CVE-2025-21962", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21962" ], "unique" : false }, { "id" : "CVE-2025-21963", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21963" ], "unique" : false }, { "id" : "CVE-2025-21964", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21964" ], "unique" : false }, { "id" : "CVE-2025-37785", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-37785" ], "unique" : false }, { "id" : "CVE-2025-38234", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-38234" ], "unique" : false }, { "id" : "CVE-2023-52448", "title" : "gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-52448" ], "unique" : false }, { "id" : "CVE-2023-53755", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-53755" ], "unique" : false }, { "id" : "CVE-2024-47745", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-47745" ], "unique" : false }, { "id" : "CVE-2024-53088", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-53088" ], "unique" : false }, { "id" : "CVE-2025-21961", "title" : "eth: bnxt: fix truesize for mb-xdp-pass case", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21961" ], "unique" : false }, { "id" : "CVE-2025-22036", "title" : "exfat: fix random stack corruption after get_block", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-22036" ], "unique" : false }, { "id" : "CVE-2025-38417", "title" : "ice: fix eswitch code memory leak in reset scenario", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-38417" ], "unique" : false }, { "id" : "CVE-2023-52771", "title" : "cxl/port: Fix delete_endpoint() vs parent unregistration race", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2023-52771" ], "unique" : false }, { "id" : "CVE-2023-52864", "title" : "platform/x86: wmi: Fix opening of char device", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2023-52864" ], "unique" : false }, { "id" : "CVE-2024-26855", "title" : "net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26855" ], "unique" : false }, { "id" : "CVE-2024-35845", "title" : "wifi: iwlwifi: dbg-tlv: ensure NUL termination", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35845" ], "unique" : false }, { "id" : "CVE-2024-36922", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-36922" ], "unique" : false }, { "id" : "CVE-2024-38555", "title" : "net/mlx5: Discard command completions in internal error", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38555" ], "unique" : false }, { "id" : "CVE-2024-38556", "title" : "net/mlx5: Add a timeout to acquire the command queue semaphore", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38556" ], "unique" : false }, { "id" : "CVE-2024-43855", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-43855" ], "unique" : false }, { "id" : "CVE-2024-46826", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-46826" ], "unique" : false }, { "id" : "CVE-2024-26897", "title" : "wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete", "source" : "redhat-csaf", "cvssScore" : 4.1, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26897" ], "unique" : false }, { "id" : "CVE-2024-38586", "title" : "r8169: Fix possible ring buffer corruption on fragmented Tx packets.", "source" : "redhat-csaf", "cvssScore" : 4.1, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38586" ], "unique" : false }, { "id" : "CVE-2022-50846", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2022-50846" ], "unique" : false }, { "id" : "CVE-2023-53639", "title" : "wifi: ath6kl: reduce WARN to dev_dbg() in callback", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-53639" ], "unique" : false }, { "id" : "CVE-2023-54153", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-54153" ], "unique" : false }, { "id" : "CVE-2023-54267", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2023-54267" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-44466", "title" : "An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-44466" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9_2.1.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64&distro=rhel-9.2&upstream=nghttp2-1.43.0-5.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/cpp@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libquadmath@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgomp@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64&distro=rhel-9.2&upstream=binutils-2.35.2-37.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-4285", "title" : "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4285" ], "unique" : false }, { "id" : "CVE-2025-11082", "title" : "GNU Binutils Linker elf-eh-frame.c _bfd_elf_parse_eh_frame heap-based overflow", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11082" ], "unique" : false }, { "id" : "CVE-2025-11083", "title" : "GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11083" ], "unique" : false }, { "id" : "CVE-2025-5244", "title" : "GNU Binutils ld elflink.c elf_gc_sweep memory corruption", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5244" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-4285", "title" : "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4285" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/binutils@2.35.2-37.el9?arch=x86_64&distro=rhel-9.2&upstream=binutils-2.35.2-37.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-4285", "title" : "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4285" ], "unique" : false }, { "id" : "CVE-2025-11081", "title" : "GNU Binutils objdump.c dump_dwarf_section out-of-bounds", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11081" ], "unique" : false }, { "id" : "CVE-2025-11082", "title" : "GNU Binutils Linker elf-eh-frame.c _bfd_elf_parse_eh_frame heap-based overflow", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11082" ], "unique" : false }, { "id" : "CVE-2025-11083", "title" : "GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11083" ], "unique" : false }, { "id" : "CVE-2025-11413", "title" : "GNU Binutils Linker elflink.c elf_link_add_object_symbols out-of-bounds", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11413" ], "unique" : false }, { "id" : "CVE-2025-5244", "title" : "GNU Binutils ld elflink.c elf_gc_sweep memory corruption", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5244" ], "unique" : false }, { "id" : "CVE-2025-11412", "title" : "GNU Binutils Linker elflink.c bfd_elf_gc_record_vtentry out-of-bounds", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-11412" ], "unique" : false }, { "id" : "CVE-2025-11414", "title" : "GNU Binutils Linker elflink.c get_link_hash_entry out-of-bounds", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-11414" ], "unique" : false }, { "id" : "CVE-2025-11494", "title" : "GNU Binutils Linker elfxx-x86.c _bfd_x86_elf_late_size_sections out-of-bounds", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-11494" ], "unique" : false }, { "id" : "CVE-2025-11495", "title" : "GNU Binutils Linker elf64-x86-64.c elf_x86_64_relocate_section heap-based overflow", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-11495" ], "unique" : false }, { "id" : "CVE-2025-11839", "title" : "GNU Binutils prdbg.c tg_tag_type return value", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-11839" ], "unique" : false }, { "id" : "CVE-2025-11840", "title" : "GNU Binutils ldmisc.c vfinfo out-of-bounds", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-11840" ], "unique" : false }, { "id" : "CVE-2025-66861", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-66861" ], "unique" : false }, { "id" : "CVE-2025-66862", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-66862" ], "unique" : false }, { "id" : "CVE-2025-66863", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-66863" ], "unique" : false }, { "id" : "CVE-2025-66864", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-66864" ], "unique" : false }, { "id" : "CVE-2025-66865", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-66865" ], "unique" : false }, { "id" : "CVE-2025-66866", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-66866" ], "unique" : false }, { "id" : "CVE-2025-69647", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-69647" ], "unique" : false }, { "id" : "CVE-2025-69648", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-69648" ], "unique" : false }, { "id" : "CVE-2025-69649", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-69649" ], "unique" : false }, { "id" : "CVE-2025-69650", "title" : "GNU Binutils thru 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dump_relocations may return early without initializing the all_relocations array. As a result, process_got_section_contents() may pass an uninitialized r_symbol pointer to free(), leading to a double free and terminating the program with SIGABRT. No evidence of exploitable memory corruption or code execution was observed; the impact is limited to denial of service. NOTE: this is disputed by third parties because the observed behavior occurred only in pre-release code and did not affect any tagged version.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-69650" ], "unique" : false }, { "id" : "CVE-2025-69652", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-69652" ], "unique" : false }, { "id" : "CVE-2025-69645", "source" : "redhat-csaf", "cvssScore" : 2.8, "severity" : "LOW", "cves" : [ "CVE-2025-69645" ], "unique" : false }, { "id" : "CVE-2025-69646", "source" : "redhat-csaf", "cvssScore" : 2.8, "severity" : "LOW", "cves" : [ "CVE-2025-69646" ], "unique" : false }, { "id" : "CVE-2025-69651", "title" : "GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations returns early due to parsing errors, the internal all_relocations array may remain partially uninitialized. Later, process_got_section_contents() may attempt to free an invalid r_symbol pointer, triggering memory corruption checks in glibc and causing the program to terminate with SIGABRT. No evidence of further memory corruption or code execution was observed; the impact is limited to denial of service. NOTE: this is disputed by third parties because the observed behavior occurred only in pre-release code and did not affect any tagged version.", "source" : "redhat-csaf", "cvssScore" : 2.8, "severity" : "LOW", "cves" : [ "CVE-2025-69651" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-4285", "title" : "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4285" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64&distro=rhel-9.2&upstream=libdnf-0.69.0-3.el9_2.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libxml2-2.9.13-3.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false }, { "id" : "CVE-2025-49794", "title" : "Libxml: heap use after free (uaf) leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49794" ], "unique" : false }, { "id" : "CVE-2025-49796", "title" : "Libxml: type confusion leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49796" ], "unique" : false }, { "id" : "CVE-2024-56171", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-56171" ], "unique" : false }, { "id" : "CVE-2025-24928", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24928" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2024-25062", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-25062" ], "unique" : false }, { "id" : "CVE-2025-32415", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-32415" ], "unique" : false }, { "id" : "CVE-2025-49795", "title" : "Libxml: null pointer dereference leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49795" ], "unique" : false }, { "id" : "CVE-2025-6021", "title" : "Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6021" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2023-39615", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39615" ], "unique" : false }, { "id" : "CVE-2026-6732", "title" : "Libxml2: libxml2: denial of service via crafted xsd-validated document", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-6732" ], "unique" : false }, { "id" : "CVE-2025-9714", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9714" ], "unique" : false }, { "id" : "CVE-2026-1757", "title" : "Libxml2: memory leak leading to local denial of service in xmllint interactive shell", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1757" ], "unique" : false }, { "id" : "CVE-2022-49043", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49043" ], "unique" : false }, { "id" : "CVE-2023-28484", "title" : "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28484" ], "unique" : false }, { "id" : "CVE-2023-29469", "title" : "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29469" ], "unique" : false }, { "id" : "CVE-2026-0990", "title" : "Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0990" ], "unique" : false }, { "id" : "CVE-2025-32414", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32414" ], "unique" : false }, { "id" : "CVE-2025-26434", "title" : "In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-26434" ], "unique" : false }, { "id" : "CVE-2026-0989", "title" : "Libxml2: unbounded relaxng include recursion leading to stack overflow", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0989" ], "unique" : false }, { "id" : "CVE-2026-0992", "title" : "Libxml2: libxml2: denial of service via crafted xml catalogs", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-0992" ], "unique" : false }, { "id" : "CVE-2025-6170", "title" : "Libxml2: stack buffer overflow in xmllint interactive shell command handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-6170" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-setuptools-53.0.0-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2026-5713", "title" : "Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5713" ], "unique" : false }, { "id" : "CVE-2025-13837", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13837" ], "unique" : false }, { "id" : "CVE-2026-4224", "title" : "Stack overflow parsing XML with deeply nested DTD content models", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4224" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2026-3644", "title" : "Incomplete control character validation in http.cookies", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3644" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2025-12781", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-12781" ], "unique" : false }, { "id" : "CVE-2026-3446", "title" : "Base64 decoding stops at first padded quad by default", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3446" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2025-15282", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15282" ], "unique" : false }, { "id" : "CVE-2025-11468", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11468" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2026-1502", "title" : "HTTP client proxy tunnel headers not validated for CR/LF", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1502" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2026-2297", "title" : "SourcelessFileLoader does not use io.open_code()", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-2297" ], "unique" : false }, { "id" : "CVE-2026-3479", "title" : "pkgutil.get_data() does not enforce documented restrictions", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-3479" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false }, { "id" : "CVE-2025-13462", "title" : "tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-13462" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64&distro=rhel-9.2&upstream=gnupg2-2.3.3-2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2026-24882", "source" : "redhat-csaf", "cvssScore" : 8.4, "severity" : "HIGH", "cves" : [ "CVE-2026-24882" ], "unique" : false }, { "id" : "CVE-2025-68973", "title" : "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-68973" ], "unique" : false }, { "id" : "CVE-2025-68972", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68972" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-24882", "source" : "redhat-csaf", "cvssScore" : 8.4, "severity" : "HIGH", "cves" : [ "CVE-2026-24882" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9_2.1.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27535", "title" : "An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27535" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64&distro=rhel-9.2&upstream=libarchive-3.5.3-4.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-5914", "title" : "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-5914" ], "unique" : false }, { "id" : "CVE-2026-4111", "title" : "Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-4111" ], "unique" : false }, { "id" : "CVE-2026-4424", "title" : "Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-4424" ], "unique" : false }, { "id" : "CVE-2026-5121", "title" : "Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-5121" ], "unique" : false }, { "id" : "CVE-2025-60753", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-60753" ], "unique" : false }, { "id" : "CVE-2024-57970", "title" : "libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-57970" ], "unique" : false }, { "id" : "CVE-2025-25724", "title" : "list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-25724" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-5914", "title" : "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-5914" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64&distro=rhel-9.2&upstream=glib2-2.68.4-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false }, { "id" : "CVE-2024-52533", "title" : "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\\0' character.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-52533" ], "unique" : false }, { "id" : "CVE-2023-32611", "title" : "G_variant_byteswap() can take a long time with some non-normal inputs", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32611" ], "unique" : false }, { "id" : "CVE-2023-32665", "title" : "Gvariant deserialisation does not match spec for non-normal data", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32665" ], "unique" : false }, { "id" : "CVE-2025-14512", "title" : "Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14512" ], "unique" : false }, { "id" : "CVE-2023-29499", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29499" ], "unique" : false }, { "id" : "CVE-2025-14087", "title" : "Glib: glib: buffer underflow in gvariant parser leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14087" ], "unique" : false }, { "id" : "CVE-2025-4373", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4373" ], "unique" : false }, { "id" : "CVE-2024-34397", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2024-34397" ], "unique" : false }, { "id" : "CVE-2025-7039", "title" : "Glib: buffer under-read on glib through glib/gfileutils.c via get_tmp_file()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2025-7039" ], "unique" : false }, { "id" : "CVE-2026-0988", "title" : "Glib: glib: denial of service via integer overflow in g_buffered_input_stream_peek()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0988" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64&distro=rhel-9.2&upstream=gnutls-3.7.6-20.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false }, { "id" : "CVE-2024-0567", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0567" ], "unique" : false }, { "id" : "CVE-2025-32988", "title" : "Gnutls: vulnerability in gnutls othername san export", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32988" ], "unique" : false }, { "id" : "CVE-2025-32990", "title" : "Gnutls: vulnerability in gnutls certtool template parsing", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32990" ], "unique" : false }, { "id" : "CVE-2025-6395", "title" : "Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6395" ], "unique" : false }, { "id" : "CVE-2023-5981", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5981" ], "unique" : false }, { "id" : "CVE-2024-12243", "title" : "Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12243" ], "unique" : false }, { "id" : "CVE-2024-28834", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28834" ], "unique" : false }, { "id" : "CVE-2025-14831", "title" : "Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14831" ], "unique" : false }, { "id" : "CVE-2025-32989", "title" : "Gnutls: vulnerability in gnutls sct extension parsing", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32989" ], "unique" : false }, { "id" : "CVE-2024-28835", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28835" ], "unique" : false }, { "id" : "CVE-2025-9820", "title" : "Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9820" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libgcrypt-1.10.0-10.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false }, { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false }, { "id" : "CVE-2026-41990", "title" : "Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-41990" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64&distro=rhel-9.2&upstream=nghttp2-1.43.0-5.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap-compat@2.6.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=openldap-2.6.2-3.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=openldap-2.6.2-3.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm-libs@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-pip-21.2.3-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/file-libs@5.39-12.el9?arch=x86_64&distro=rhel-9.2&upstream=file-5.39-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-48554", "title" : "File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48554" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-48554", "title" : "File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48554" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch&distro=rhel-9.2&upstream=cmake-3.20.2-8.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libxml2-2.9.13-3.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false }, { "id" : "CVE-2025-49794", "title" : "Libxml: heap use after free (uaf) leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49794" ], "unique" : false }, { "id" : "CVE-2025-49796", "title" : "Libxml: type confusion leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49796" ], "unique" : false }, { "id" : "CVE-2024-56171", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-56171" ], "unique" : false }, { "id" : "CVE-2025-24928", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24928" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2024-25062", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-25062" ], "unique" : false }, { "id" : "CVE-2025-32415", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-32415" ], "unique" : false }, { "id" : "CVE-2025-49795", "title" : "Libxml: null pointer dereference leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49795" ], "unique" : false }, { "id" : "CVE-2025-6021", "title" : "Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6021" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2023-39615", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39615" ], "unique" : false }, { "id" : "CVE-2026-6732", "title" : "Libxml2: libxml2: denial of service via crafted xsd-validated document", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-6732" ], "unique" : false }, { "id" : "CVE-2025-9714", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9714" ], "unique" : false }, { "id" : "CVE-2026-1757", "title" : "Libxml2: memory leak leading to local denial of service in xmllint interactive shell", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1757" ], "unique" : false }, { "id" : "CVE-2022-49043", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49043" ], "unique" : false }, { "id" : "CVE-2023-28484", "title" : "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28484" ], "unique" : false }, { "id" : "CVE-2023-29469", "title" : "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29469" ], "unique" : false }, { "id" : "CVE-2026-0990", "title" : "Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0990" ], "unique" : false }, { "id" : "CVE-2025-32414", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32414" ], "unique" : false }, { "id" : "CVE-2025-26434", "title" : "In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-26434" ], "unique" : false }, { "id" : "CVE-2026-0989", "title" : "Libxml2: unbounded relaxng include recursion leading to stack overflow", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0989" ], "unique" : false }, { "id" : "CVE-2026-0992", "title" : "Libxml2: libxml2: denial of service via crafted xml catalogs", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-0992" ], "unique" : false }, { "id" : "CVE-2025-6170", "title" : "Libxml2: stack buffer overflow in xmllint interactive shell command handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-6170" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/emacs-filesystem@27.2-8.el9_2.1?arch=noarch&distro=rhel-9.2&epoch=1&upstream=emacs-27.2-8.el9_2.1.src.rpm", "issues" : [ { "id" : "CVE-2025-1244", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2025-1244" ], "unique" : false }, { "id" : "CVE-2024-30205", "title" : "In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2024-30205" ], "unique" : false }, { "id" : "CVE-2024-39331", "title" : "In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2024-39331" ], "unique" : false }, { "id" : "CVE-2024-53920", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2024-53920" ], "unique" : false }, { "id" : "CVE-2024-30203", "title" : "In Emacs before 29.3, Gnus treats inline MIME contents as trusted.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-30203" ], "unique" : false }, { "id" : "CVE-2024-30204", "title" : "In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-30204" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-1244", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2025-1244" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-setuptools-53.0.0-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2026-5713", "title" : "Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5713" ], "unique" : false }, { "id" : "CVE-2025-13837", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13837" ], "unique" : false }, { "id" : "CVE-2026-4224", "title" : "Stack overflow parsing XML with deeply nested DTD content models", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4224" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2026-3644", "title" : "Incomplete control character validation in http.cookies", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3644" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2025-12781", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-12781" ], "unique" : false }, { "id" : "CVE-2026-3446", "title" : "Base64 decoding stops at first padded quad by default", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3446" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2025-15282", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15282" ], "unique" : false }, { "id" : "CVE-2025-11468", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11468" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2026-1502", "title" : "HTTP client proxy tunnel headers not validated for CR/LF", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1502" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2026-2297", "title" : "SourcelessFileLoader does not use io.open_code()", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-2297" ], "unique" : false }, { "id" : "CVE-2026-3479", "title" : "pkgutil.get_data() does not enforce documented restrictions", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-3479" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false }, { "id" : "CVE-2025-13462", "title" : "tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-13462" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/vim-filesystem@8.2.2637-20.el9_1?arch=noarch&distro=rhel-9.2&epoch=2&upstream=vim-8.2.2637-20.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2026-34982", "title" : "Vim modeline bypass via various options affects Vim < 9.2.0276", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2026-34982" ], "unique" : false }, { "id" : "CVE-2026-25749", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2026-25749" ], "unique" : false }, { "id" : "CVE-2026-33412", "title" : "Vim affected by Command injection via newline in glob()", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2026-33412" ], "unique" : false }, { "id" : "CVE-2023-4752", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-4752" ], "unique" : false }, { "id" : "CVE-2021-3903", "title" : "Heap-based Buffer Overflow in vim/vim", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-3903" ], "unique" : false }, { "id" : "CVE-2026-28421", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28421" ], "unique" : false }, { "id" : "CVE-2026-28417", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28417" ], "unique" : false }, { "id" : "CVE-2025-53905", "source" : "redhat-csaf", "cvssScore" : 4.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-53905" ], "unique" : false }, { "id" : "CVE-2025-53906", "title" : "Vim has path traversal issue with zip.vim and special crafted zip archives", "source" : "redhat-csaf", "cvssScore" : 4.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-53906" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-34982", "title" : "Vim modeline bypass via various options affects Vim < 9.2.0276", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2026-34982" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9_2.1.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27535", "title" : "An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27535" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64&distro=rhel-9.2&upstream=libarchive-3.5.3-4.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-5914", "title" : "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-5914" ], "unique" : false }, { "id" : "CVE-2026-4111", "title" : "Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-4111" ], "unique" : false }, { "id" : "CVE-2026-4424", "title" : "Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-4424" ], "unique" : false }, { "id" : "CVE-2026-5121", "title" : "Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-5121" ], "unique" : false }, { "id" : "CVE-2025-60753", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-60753" ], "unique" : false }, { "id" : "CVE-2024-57970", "title" : "libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-57970" ], "unique" : false }, { "id" : "CVE-2025-25724", "title" : "list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-25724" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-5914", "title" : "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-5914" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64&distro=rhel-9.2&upstream=nghttp2-1.43.0-5.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuv@1.42.0-1.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=libuv-1.42.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-24806", "title" : "Improper Domain Lookup that potentially leads to SSRF attacks in libuv", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-24806" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-24806", "title" : "Improper Domain Lookup that potentially leads to SSRF attacks in libuv", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-24806" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm-libs@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-pip-21.2.3-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch&distro=rhel-9.2&upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libxml2-2.9.13-3.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false }, { "id" : "CVE-2025-49794", "title" : "Libxml: heap use after free (uaf) leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49794" ], "unique" : false }, { "id" : "CVE-2025-49796", "title" : "Libxml: type confusion leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49796" ], "unique" : false }, { "id" : "CVE-2024-56171", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-56171" ], "unique" : false }, { "id" : "CVE-2025-24928", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24928" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2024-25062", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-25062" ], "unique" : false }, { "id" : "CVE-2025-32415", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-32415" ], "unique" : false }, { "id" : "CVE-2025-49795", "title" : "Libxml: null pointer dereference leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49795" ], "unique" : false }, { "id" : "CVE-2025-6021", "title" : "Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6021" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2023-39615", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39615" ], "unique" : false }, { "id" : "CVE-2026-6732", "title" : "Libxml2: libxml2: denial of service via crafted xsd-validated document", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-6732" ], "unique" : false }, { "id" : "CVE-2025-9714", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9714" ], "unique" : false }, { "id" : "CVE-2026-1757", "title" : "Libxml2: memory leak leading to local denial of service in xmllint interactive shell", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1757" ], "unique" : false }, { "id" : "CVE-2022-49043", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49043" ], "unique" : false }, { "id" : "CVE-2023-28484", "title" : "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28484" ], "unique" : false }, { "id" : "CVE-2023-29469", "title" : "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29469" ], "unique" : false }, { "id" : "CVE-2026-0990", "title" : "Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0990" ], "unique" : false }, { "id" : "CVE-2025-32414", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32414" ], "unique" : false }, { "id" : "CVE-2025-26434", "title" : "In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-26434" ], "unique" : false }, { "id" : "CVE-2026-0989", "title" : "Libxml2: unbounded relaxng include recursion leading to stack overflow", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0989" ], "unique" : false }, { "id" : "CVE-2026-0992", "title" : "Libxml2: libxml2: denial of service via crafted xml catalogs", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-0992" ], "unique" : false }, { "id" : "CVE-2025-6170", "title" : "Libxml2: stack buffer overflow in xmllint interactive shell command handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-6170" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-setuptools-53.0.0-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2026-5713", "title" : "Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5713" ], "unique" : false }, { "id" : "CVE-2025-13837", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13837" ], "unique" : false }, { "id" : "CVE-2026-4224", "title" : "Stack overflow parsing XML with deeply nested DTD content models", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4224" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2026-3644", "title" : "Incomplete control character validation in http.cookies", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3644" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2025-12781", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-12781" ], "unique" : false }, { "id" : "CVE-2026-3446", "title" : "Base64 decoding stops at first padded quad by default", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3446" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2025-15282", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15282" ], "unique" : false }, { "id" : "CVE-2025-11468", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11468" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2026-1502", "title" : "HTTP client proxy tunnel headers not validated for CR/LF", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1502" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2026-2297", "title" : "SourcelessFileLoader does not use io.open_code()", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-2297" ], "unique" : false }, { "id" : "CVE-2026-3479", "title" : "pkgutil.get_data() does not enforce documented restrictions", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-3479" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false }, { "id" : "CVE-2025-13462", "title" : "tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-13462" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcomps@0.1.18-1.el9?arch=x86_64&distro=rhel-9.2&upstream=libcomps-0.1.18-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-1312", "source" : "redhat-csaf", "cvssScore" : 8.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1312" ], "unique" : false }, { "id" : "CVE-2026-0980", "title" : "Rubyipmi: red hat satellite: remote code execution in rubyipmi via malicious bmc username", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2026-0980" ], "unique" : false }, { "id" : "CVE-2026-1207", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2026-1207" ], "unique" : false }, { "id" : "CVE-2026-1287", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2026-1287" ], "unique" : false }, { "id" : "CVE-2026-1530", "title" : "Fog-kubevirt: fog-kubevirt: man-in-the-middle vulnerability due to disabled certificate validation", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1530" ], "unique" : false }, { "id" : "CVE-2026-1531", "title" : "Foreman-kubevirt: foreman_kubevirt: man-in-the-middle due to insecure default ssl verification", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1531" ], "unique" : false }, { "id" : "CVE-2026-1961", "title" : "Forman: foreman: remote code execution via command injection in websocket proxy", "source" : "redhat-csaf", "cvssScore" : 8.0, "severity" : "HIGH", "cves" : [ "CVE-2026-1961" ], "unique" : false }, { "id" : "CVE-2021-46877", "title" : "jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-46877" ], "unique" : false }, { "id" : "CVE-2025-14550", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-14550" ], "unique" : false }, { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false }, { "id" : "CVE-2026-1285", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1285" ], "unique" : false }, { "id" : "CVE-2025-68121", "title" : "Unexpected session resumption in crypto/tls", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-68121" ], "unique" : false }, { "id" : "CVE-2024-28863", "title" : "node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28863" ], "unique" : false }, { "id" : "CVE-2026-4324", "title" : "Rubygem-katello: katello: denial of service and potential information disclosure via sql injection", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4324" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-1312", "source" : "redhat-csaf", "cvssScore" : 8.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1312" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libcomps@0.1.18-1.el9?arch=x86_64&distro=rhel-9.2&upstream=libcomps-0.1.18-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-1312", "source" : "redhat-csaf", "cvssScore" : 8.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1312" ], "unique" : false }, { "id" : "CVE-2026-0980", "title" : "Rubyipmi: red hat satellite: remote code execution in rubyipmi via malicious bmc username", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2026-0980" ], "unique" : false }, { "id" : "CVE-2026-1207", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2026-1207" ], "unique" : false }, { "id" : "CVE-2026-1287", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2026-1287" ], "unique" : false }, { "id" : "CVE-2026-1530", "title" : "Fog-kubevirt: fog-kubevirt: man-in-the-middle vulnerability due to disabled certificate validation", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1530" ], "unique" : false }, { "id" : "CVE-2026-1531", "title" : "Foreman-kubevirt: foreman_kubevirt: man-in-the-middle due to insecure default ssl verification", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1531" ], "unique" : false }, { "id" : "CVE-2026-1961", "title" : "Forman: foreman: remote code execution via command injection in websocket proxy", "source" : "redhat-csaf", "cvssScore" : 8.0, "severity" : "HIGH", "cves" : [ "CVE-2026-1961" ], "unique" : false }, { "id" : "CVE-2021-46877", "title" : "jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-46877" ], "unique" : false }, { "id" : "CVE-2025-14550", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-14550" ], "unique" : false }, { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false }, { "id" : "CVE-2026-1285", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1285" ], "unique" : false }, { "id" : "CVE-2025-68121", "title" : "Unexpected session resumption in crypto/tls", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-68121" ], "unique" : false }, { "id" : "CVE-2024-28863", "title" : "node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28863" ], "unique" : false }, { "id" : "CVE-2026-4324", "title" : "Rubygem-katello: katello: denial of service and potential information disclosure via sql injection", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4324" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-1312", "source" : "redhat-csaf", "cvssScore" : 8.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1312" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64&distro=rhel-9.2&upstream=gnupg2-2.3.3-2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2026-24882", "source" : "redhat-csaf", "cvssScore" : 8.4, "severity" : "HIGH", "cves" : [ "CVE-2026-24882" ], "unique" : false }, { "id" : "CVE-2025-68973", "title" : "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-68973" ], "unique" : false }, { "id" : "CVE-2025-68972", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68972" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-24882", "source" : "redhat-csaf", "cvssScore" : 8.4, "severity" : "HIGH", "cves" : [ "CVE-2026-24882" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9_2.1.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27535", "title" : "An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27535" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64&distro=rhel-9.2&upstream=libarchive-3.5.3-4.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-5914", "title" : "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-5914" ], "unique" : false }, { "id" : "CVE-2026-4111", "title" : "Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-4111" ], "unique" : false }, { "id" : "CVE-2026-4424", "title" : "Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-4424" ], "unique" : false }, { "id" : "CVE-2026-5121", "title" : "Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-5121" ], "unique" : false }, { "id" : "CVE-2025-60753", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-60753" ], "unique" : false }, { "id" : "CVE-2024-57970", "title" : "libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-57970" ], "unique" : false }, { "id" : "CVE-2025-25724", "title" : "list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-25724" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-5914", "title" : "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-5914" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64&distro=rhel-9.2&upstream=glib2-2.68.4-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false }, { "id" : "CVE-2024-52533", "title" : "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\\0' character.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-52533" ], "unique" : false }, { "id" : "CVE-2023-32611", "title" : "G_variant_byteswap() can take a long time with some non-normal inputs", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32611" ], "unique" : false }, { "id" : "CVE-2023-32665", "title" : "Gvariant deserialisation does not match spec for non-normal data", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32665" ], "unique" : false }, { "id" : "CVE-2025-14512", "title" : "Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14512" ], "unique" : false }, { "id" : "CVE-2023-29499", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29499" ], "unique" : false }, { "id" : "CVE-2025-14087", "title" : "Glib: glib: buffer underflow in gvariant parser leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14087" ], "unique" : false }, { "id" : "CVE-2025-4373", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4373" ], "unique" : false }, { "id" : "CVE-2024-34397", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2024-34397" ], "unique" : false }, { "id" : "CVE-2025-7039", "title" : "Glib: buffer under-read on glib through glib/gfileutils.c via get_tmp_file()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2025-7039" ], "unique" : false }, { "id" : "CVE-2026-0988", "title" : "Glib: glib: denial of service via integer overflow in g_buffered_input_stream_peek()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0988" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64&distro=rhel-9.2&upstream=nghttp2-1.43.0-5.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64&distro=rhel-9.2&upstream=gnutls-3.7.6-20.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false }, { "id" : "CVE-2024-0567", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0567" ], "unique" : false }, { "id" : "CVE-2025-32988", "title" : "Gnutls: vulnerability in gnutls othername san export", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32988" ], "unique" : false }, { "id" : "CVE-2025-32990", "title" : "Gnutls: vulnerability in gnutls certtool template parsing", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32990" ], "unique" : false }, { "id" : "CVE-2025-6395", "title" : "Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6395" ], "unique" : false }, { "id" : "CVE-2023-5981", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5981" ], "unique" : false }, { "id" : "CVE-2024-12243", "title" : "Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12243" ], "unique" : false }, { "id" : "CVE-2024-28834", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28834" ], "unique" : false }, { "id" : "CVE-2025-14831", "title" : "Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14831" ], "unique" : false }, { "id" : "CVE-2025-32989", "title" : "Gnutls: vulnerability in gnutls sct extension parsing", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32989" ], "unique" : false }, { "id" : "CVE-2024-28835", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28835" ], "unique" : false }, { "id" : "CVE-2025-9820", "title" : "Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9820" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libgcrypt-1.10.0-10.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false }, { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false }, { "id" : "CVE-2026-41990", "title" : "Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-41990" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap-compat@2.6.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=openldap-2.6.2-3.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=openldap-2.6.2-3.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm-sign-libs@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm-libs@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm-build-libs@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-rpm@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/tpm2-tss@3.0.3-8.el9?arch=x86_64&distro=rhel-9.2&upstream=tpm2-tss-3.0.3-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-22745", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22745" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-22745", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22745" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=dbus-1.12.20-7.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgomp@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-pip-21.2.3-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/file-libs@5.39-12.el9?arch=x86_64&distro=rhel-9.2&upstream=file-5.39-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-48554", "title" : "File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48554" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-48554", "title" : "File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48554" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64&distro=rhel-9.2&epoch=2&upstream=shadow-utils-4.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false }, { "id" : "CVE-2024-56433", "title" : "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "source" : "redhat-csaf", "cvssScore" : 3.6, "severity" : "LOW", "cves" : [ "CVE-2024-56433" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=dbus-1.12.20-7.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libgcrypt-1.10.0-10.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false }, { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false }, { "id" : "CVE-2026-41990", "title" : "Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-41990" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64&distro=rhel-9.2&upstream=usermode-1.114-4.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2026-28390", "title" : "Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-28390" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2025-9231", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9231" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2026-28388", "title" : "NULL Pointer Dereference When Processing a Delta CRL", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28388" ], "unique" : false }, { "id" : "CVE-2026-28389", "title" : "Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28389" ], "unique" : false }, { "id" : "CVE-2026-31790", "title" : "Incorrect Failure Handling in RSA KEM RSASVE Encapsulation", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-31790" ], "unique" : false }, { "id" : "CVE-2026-31789", "title" : "Heap Buffer Overflow in Hexadecimal Conversion", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2026-31789" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2026-28386", "title" : "Out-of-bounds Read in AES-CFB-128 on X86-64 with AVX-512 Support", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28386" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false }, { "id" : "CVE-2026-28387", "title" : "Potential Use-after-free in DANE Client Code", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-28387" ], "unique" : false }, { "id" : "CVE-2025-9232", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2025-9232" ], "unique" : false }, { "id" : "CVE-2026-2673", "title" : "OpenSSL TLS 1.3 server may choose unexpected key agreement group", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2026-2673" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64&distro=rhel-9.2&upstream=pam-1.5.1-14.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-6020", "title" : "Linux-pam: linux-pam directory traversal", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-6020" ], "unique" : false }, { "id" : "CVE-2025-8941", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-8941" ], "unique" : false }, { "id" : "CVE-2024-10963", "title" : "Pam: improper hostname interpretation in pam_access leads to access control bypass", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-10963" ], "unique" : false }, { "id" : "CVE-2024-22365", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-22365" ], "unique" : false }, { "id" : "CVE-2024-10041", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-10041" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6020", "title" : "Linux-pam: linux-pam directory traversal", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-6020" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64&distro=rhel-9.2&upstream=glib2-2.68.4-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false }, { "id" : "CVE-2024-52533", "title" : "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\\0' character.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-52533" ], "unique" : false }, { "id" : "CVE-2023-32611", "title" : "G_variant_byteswap() can take a long time with some non-normal inputs", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32611" ], "unique" : false }, { "id" : "CVE-2023-32665", "title" : "Gvariant deserialisation does not match spec for non-normal data", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32665" ], "unique" : false }, { "id" : "CVE-2025-14512", "title" : "Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14512" ], "unique" : false }, { "id" : "CVE-2023-29499", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29499" ], "unique" : false }, { "id" : "CVE-2025-14087", "title" : "Glib: glib: buffer underflow in gvariant parser leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14087" ], "unique" : false }, { "id" : "CVE-2025-4373", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4373" ], "unique" : false }, { "id" : "CVE-2024-34397", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2024-34397" ], "unique" : false }, { "id" : "CVE-2025-7039", "title" : "Glib: buffer under-read on glib through glib/gfileutils.c via get_tmp_file()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2025-7039" ], "unique" : false }, { "id" : "CVE-2026-0988", "title" : "Glib: glib: denial of service via integer overflow in g_buffered_input_stream_peek()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0988" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64&distro=rhel-9.2&upstream=gnutls-3.7.6-20.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false }, { "id" : "CVE-2024-0567", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0567" ], "unique" : false }, { "id" : "CVE-2025-32988", "title" : "Gnutls: vulnerability in gnutls othername san export", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32988" ], "unique" : false }, { "id" : "CVE-2025-32990", "title" : "Gnutls: vulnerability in gnutls certtool template parsing", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32990" ], "unique" : false }, { "id" : "CVE-2025-6395", "title" : "Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6395" ], "unique" : false }, { "id" : "CVE-2023-5981", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5981" ], "unique" : false }, { "id" : "CVE-2024-12243", "title" : "Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12243" ], "unique" : false }, { "id" : "CVE-2024-28834", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28834" ], "unique" : false }, { "id" : "CVE-2025-14831", "title" : "Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14831" ], "unique" : false }, { "id" : "CVE-2025-32989", "title" : "Gnutls: vulnerability in gnutls sct extension parsing", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32989" ], "unique" : false }, { "id" : "CVE-2024-28835", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28835" ], "unique" : false }, { "id" : "CVE-2025-9820", "title" : "Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9820" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libgcrypt-1.10.0-10.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false }, { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false }, { "id" : "CVE-2026-41990", "title" : "Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-41990" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=openldap-2.6.2-3.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libeconf@0.4.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=libeconf-0.4.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-22652", "title" : "Stack buffer overflow in \"read_file\" function", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22652" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-22652", "title" : "Stack buffer overflow in \"read_file\" function", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22652" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libfdisk@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/util-linux-core@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64&distro=rhel-9.2&epoch=2&upstream=shadow-utils-4.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false }, { "id" : "CVE-2024-56433", "title" : "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "source" : "redhat-csaf", "cvssScore" : 3.6, "severity" : "LOW", "cves" : [ "CVE-2024-56433" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64&distro=rhel-9.2&upstream=rsync-3.2.3-19.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-12084", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-12084" ], "unique" : false }, { "id" : "CVE-2024-12085", "title" : "Rsync: info leak via uninitialized stack contents", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-12085" ], "unique" : false }, { "id" : "CVE-2024-12087", "title" : "Rsync: path traversal vulnerability in rsync", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12087" ], "unique" : false }, { "id" : "CVE-2024-12088", "title" : "Rsync: --safe-links option bypass leads to path traversal", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12088" ], "unique" : false }, { "id" : "CVE-2024-12086", "title" : "Rsync: rsync server leaks arbitrary client files", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12086" ], "unique" : false }, { "id" : "CVE-2024-12747", "title" : "Rsync: race condition in rsync handling symbolic links", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12747" ], "unique" : false }, { "id" : "CVE-2025-10158", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-10158" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-12084", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-12084" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64&distro=rhel-9.2&upstream=cyrus-sasl-2.1.27-21.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2026-28390", "title" : "Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-28390" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2025-9231", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9231" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2026-28388", "title" : "NULL Pointer Dereference When Processing a Delta CRL", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28388" ], "unique" : false }, { "id" : "CVE-2026-28389", "title" : "Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28389" ], "unique" : false }, { "id" : "CVE-2026-31790", "title" : "Incorrect Failure Handling in RSA KEM RSASVE Encapsulation", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-31790" ], "unique" : false }, { "id" : "CVE-2026-31789", "title" : "Heap Buffer Overflow in Hexadecimal Conversion", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2026-31789" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2026-28386", "title" : "Out-of-bounds Read in AES-CFB-128 on X86-64 with AVX-512 Support", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28386" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false }, { "id" : "CVE-2026-28387", "title" : "Potential Use-after-free in DANE Client Code", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-28387" ], "unique" : false }, { "id" : "CVE-2025-9232", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2025-9232" ], "unique" : false }, { "id" : "CVE-2026-2673", "title" : "OpenSSL TLS 1.3 server may choose unexpected key agreement group", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2026-2673" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64&distro=rhel-9.2&upstream=pam-1.5.1-14.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-6020", "title" : "Linux-pam: linux-pam directory traversal", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-6020" ], "unique" : false }, { "id" : "CVE-2025-8941", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-8941" ], "unique" : false }, { "id" : "CVE-2024-10963", "title" : "Pam: improper hostname interpretation in pam_access leads to access control bypass", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-10963" ], "unique" : false }, { "id" : "CVE-2024-22365", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-22365" ], "unique" : false }, { "id" : "CVE-2024-10041", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-10041" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6020", "title" : "Linux-pam: linux-pam directory traversal", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-6020" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd@252-13.el9_2?arch=x86_64&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2026-29111", "title" : "systemd: Local unprivileged user can trigger an assert", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2026-29111" ], "unique" : false }, { "id" : "CVE-2026-40224", "title" : "In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace.", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-40224" ], "unique" : false }, { "id" : "CVE-2026-4105", "title" : "Systemd: systemd: privilege escalation via improper access control in registermachine d-bus method", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4105" ], "unique" : false }, { "id" : "CVE-2026-40225", "title" : "In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-40225" ], "unique" : false }, { "id" : "CVE-2026-40226", "title" : "In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-40226" ], "unique" : false }, { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2026-40227", "title" : "In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-40227" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false }, { "id" : "CVE-2026-40223", "title" : "In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User=<unset> unit exists and is running.", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-40223" ], "unique" : false }, { "id" : "CVE-2026-40228", "title" : "In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a \"logger -p emerg\" command is executed, if ForwardToWall=yes is set.", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-40228" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-29111", "title" : "systemd: Local unprivileged user can trigger an assert", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2026-29111" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libgcrypt-1.10.0-10.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false }, { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false }, { "id" : "CVE-2026-41990", "title" : "Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-41990" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=openldap-2.6.2-3.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libeconf@0.4.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=libeconf-0.4.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-22652", "title" : "Stack buffer overflow in \"read_file\" function", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22652" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-22652", "title" : "Stack buffer overflow in \"read_file\" function", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22652" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dbus-common@1.12.20-7.el9_1?arch=noarch&distro=rhel-9.2&epoch=1&upstream=dbus-1.12.20-7.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dbus@1.12.20-7.el9_1?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=dbus-1.12.20-7.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libfdisk@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/util-linux-core@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-pam@252-13.el9_2?arch=x86_64&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-rpm-macros@252-13.el9_2?arch=noarch&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64&distro=rhel-9.2&epoch=2&upstream=shadow-utils-4.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false }, { "id" : "CVE-2024-56433", "title" : "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "source" : "redhat-csaf", "cvssScore" : 3.6, "severity" : "LOW", "cves" : [ "CVE-2024-56433" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-pysocks-1.7.1-12.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-setuptools-53.0.0-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2026-5713", "title" : "Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5713" ], "unique" : false }, { "id" : "CVE-2025-13837", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13837" ], "unique" : false }, { "id" : "CVE-2026-4224", "title" : "Stack overflow parsing XML with deeply nested DTD content models", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4224" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2026-3644", "title" : "Incomplete control character validation in http.cookies", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3644" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2025-12781", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-12781" ], "unique" : false }, { "id" : "CVE-2026-3446", "title" : "Base64 decoding stops at first padded quad by default", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3446" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2025-15282", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15282" ], "unique" : false }, { "id" : "CVE-2025-11468", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11468" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2026-1502", "title" : "HTTP client proxy tunnel headers not validated for CR/LF", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1502" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2026-2297", "title" : "SourcelessFileLoader does not use io.open_code()", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-2297" ], "unique" : false }, { "id" : "CVE-2026-3479", "title" : "pkgutil.get_data() does not enforce documented restrictions", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-3479" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false }, { "id" : "CVE-2025-13462", "title" : "tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-13462" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-pip-21.2.3-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch&distro=rhel-9.2&upstream=python-six-1.15.0-9.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-setuptools-53.0.0-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2026-5713", "title" : "Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5713" ], "unique" : false }, { "id" : "CVE-2025-13837", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13837" ], "unique" : false }, { "id" : "CVE-2026-4224", "title" : "Stack overflow parsing XML with deeply nested DTD content models", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4224" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2026-3644", "title" : "Incomplete control character validation in http.cookies", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3644" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2025-12781", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-12781" ], "unique" : false }, { "id" : "CVE-2026-3446", "title" : "Base64 decoding stops at first padded quad by default", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3446" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2025-15282", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15282" ], "unique" : false }, { "id" : "CVE-2025-11468", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11468" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2026-1502", "title" : "HTTP client proxy tunnel headers not validated for CR/LF", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1502" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2026-2297", "title" : "SourcelessFileLoader does not use io.open_code()", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-2297" ], "unique" : false }, { "id" : "CVE-2026-3479", "title" : "pkgutil.get_data() does not enforce documented restrictions", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-3479" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false }, { "id" : "CVE-2025-13462", "title" : "tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-13462" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-pip-21.2.3-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64&distro=rhel-9.2&upstream=pygobject3-3.40.1-6.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-setuptools-53.0.0-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2026-5713", "title" : "Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5713" ], "unique" : false }, { "id" : "CVE-2025-13837", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13837" ], "unique" : false }, { "id" : "CVE-2026-4224", "title" : "Stack overflow parsing XML with deeply nested DTD content models", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4224" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2026-3644", "title" : "Incomplete control character validation in http.cookies", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3644" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2025-12781", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-12781" ], "unique" : false }, { "id" : "CVE-2026-3446", "title" : "Base64 decoding stops at first padded quad by default", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3446" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2025-15282", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15282" ], "unique" : false }, { "id" : "CVE-2025-11468", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11468" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2026-1502", "title" : "HTTP client proxy tunnel headers not validated for CR/LF", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1502" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2026-2297", "title" : "SourcelessFileLoader does not use io.open_code()", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-2297" ], "unique" : false }, { "id" : "CVE-2026-3479", "title" : "pkgutil.get_data() does not enforce documented restrictions", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-3479" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false }, { "id" : "CVE-2025-13462", "title" : "tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-13462" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64&distro=rhel-9.2&upstream=glib2-2.68.4-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false }, { "id" : "CVE-2024-52533", "title" : "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\\0' character.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-52533" ], "unique" : false }, { "id" : "CVE-2023-32611", "title" : "G_variant_byteswap() can take a long time with some non-normal inputs", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32611" ], "unique" : false }, { "id" : "CVE-2023-32665", "title" : "Gvariant deserialisation does not match spec for non-normal data", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32665" ], "unique" : false }, { "id" : "CVE-2025-14512", "title" : "Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14512" ], "unique" : false }, { "id" : "CVE-2023-29499", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29499" ], "unique" : false }, { "id" : "CVE-2025-14087", "title" : "Glib: glib: buffer underflow in gvariant parser leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14087" ], "unique" : false }, { "id" : "CVE-2025-4373", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4373" ], "unique" : false }, { "id" : "CVE-2024-34397", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2024-34397" ], "unique" : false }, { "id" : "CVE-2025-7039", "title" : "Glib: buffer under-read on glib through glib/gfileutils.c via get_tmp_file()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2025-7039" ], "unique" : false }, { "id" : "CVE-2026-0988", "title" : "Glib: glib: denial of service via integer overflow in g_buffered_input_stream_peek()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0988" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64&distro=rhel-9.2&upstream=gnutls-3.7.6-20.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false }, { "id" : "CVE-2024-0567", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0567" ], "unique" : false }, { "id" : "CVE-2025-32988", "title" : "Gnutls: vulnerability in gnutls othername san export", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32988" ], "unique" : false }, { "id" : "CVE-2025-32990", "title" : "Gnutls: vulnerability in gnutls certtool template parsing", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32990" ], "unique" : false }, { "id" : "CVE-2025-6395", "title" : "Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6395" ], "unique" : false }, { "id" : "CVE-2023-5981", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5981" ], "unique" : false }, { "id" : "CVE-2024-12243", "title" : "Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12243" ], "unique" : false }, { "id" : "CVE-2024-28834", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28834" ], "unique" : false }, { "id" : "CVE-2025-14831", "title" : "Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14831" ], "unique" : false }, { "id" : "CVE-2025-32989", "title" : "Gnutls: vulnerability in gnutls sct extension parsing", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32989" ], "unique" : false }, { "id" : "CVE-2024-28835", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28835" ], "unique" : false }, { "id" : "CVE-2025-9820", "title" : "Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9820" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-pip-21.2.3-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch&distro=rhel-9.2&upstream=redhat-rpm-config-199-1.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libxml2-2.9.13-3.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false }, { "id" : "CVE-2025-49794", "title" : "Libxml: heap use after free (uaf) leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49794" ], "unique" : false }, { "id" : "CVE-2025-49796", "title" : "Libxml: type confusion leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49796" ], "unique" : false }, { "id" : "CVE-2024-56171", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-56171" ], "unique" : false }, { "id" : "CVE-2025-24928", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24928" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2024-25062", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-25062" ], "unique" : false }, { "id" : "CVE-2025-32415", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-32415" ], "unique" : false }, { "id" : "CVE-2025-49795", "title" : "Libxml: null pointer dereference leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49795" ], "unique" : false }, { "id" : "CVE-2025-6021", "title" : "Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6021" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2023-39615", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39615" ], "unique" : false }, { "id" : "CVE-2026-6732", "title" : "Libxml2: libxml2: denial of service via crafted xsd-validated document", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-6732" ], "unique" : false }, { "id" : "CVE-2025-9714", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9714" ], "unique" : false }, { "id" : "CVE-2026-1757", "title" : "Libxml2: memory leak leading to local denial of service in xmllint interactive shell", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1757" ], "unique" : false }, { "id" : "CVE-2022-49043", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49043" ], "unique" : false }, { "id" : "CVE-2023-28484", "title" : "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28484" ], "unique" : false }, { "id" : "CVE-2023-29469", "title" : "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29469" ], "unique" : false }, { "id" : "CVE-2026-0990", "title" : "Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0990" ], "unique" : false }, { "id" : "CVE-2025-32414", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32414" ], "unique" : false }, { "id" : "CVE-2025-26434", "title" : "In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-26434" ], "unique" : false }, { "id" : "CVE-2026-0989", "title" : "Libxml2: unbounded relaxng include recursion leading to stack overflow", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0989" ], "unique" : false }, { "id" : "CVE-2026-0992", "title" : "Libxml2: libxml2: denial of service via crafted xml catalogs", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-0992" ], "unique" : false }, { "id" : "CVE-2025-6170", "title" : "Libxml2: stack buffer overflow in xmllint interactive shell command handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-6170" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9_2.1.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27535", "title" : "An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27535" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch&distro=rhel-9.2&upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64&distro=rhel-9.2&upstream=libarchive-3.5.3-4.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-5914", "title" : "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-5914" ], "unique" : false }, { "id" : "CVE-2026-4111", "title" : "Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-4111" ], "unique" : false }, { "id" : "CVE-2026-4424", "title" : "Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-4424" ], "unique" : false }, { "id" : "CVE-2026-5121", "title" : "Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-5121" ], "unique" : false }, { "id" : "CVE-2025-60753", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-60753" ], "unique" : false }, { "id" : "CVE-2024-57970", "title" : "libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-57970" ], "unique" : false }, { "id" : "CVE-2025-25724", "title" : "list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-25724" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-5914", "title" : "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-5914" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/go-srpm-macros@3.2.0-1.el9?arch=noarch&distro=rhel-9.2&upstream=go-rpm-macros-3.2.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-61726", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-61726" ], "unique" : false }, { "id" : "CVE-2026-25679", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-25679" ], "unique" : false }, { "id" : "CVE-2025-47906", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-47906" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-61726", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-61726" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64&distro=rhel-9.2&upstream=nghttp2-1.43.0-5.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch&distro=rhel-9.2&upstream=perl-constant-1.33-461.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm-libs@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=perl-Storable-3.21-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/qt5-srpm-macros@5.15.3-1.el9?arch=noarch&distro=rhel-9.2&upstream=qt5-5.15.3-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-32573", "title" : "In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32573" ], "unique" : false }, { "id" : "CVE-2023-33285", "title" : "An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-33285" ], "unique" : false }, { "id" : "CVE-2023-34410", "title" : "An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34410" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-32573", "title" : "In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32573" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/file@5.39-12.el9?arch=x86_64&distro=rhel-9.2&upstream=file-5.39-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-48554", "title" : "File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48554" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-48554", "title" : "File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48554" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/file-libs@5.39-12.el9?arch=x86_64&distro=rhel-9.2&upstream=file-5.39-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-48554", "title" : "File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48554" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-48554", "title" : "File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48554" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64&distro=rhel-9.2&upstream=procps-ng-3.3.17-11.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-4016", "title" : "Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-4016" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libgcrypt-1.10.0-10.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false }, { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false }, { "id" : "CVE-2026-41990", "title" : "Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-41990" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch&distro=rhel-9.2&upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-setuptools-53.0.0-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2026-5713", "title" : "Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5713" ], "unique" : false }, { "id" : "CVE-2025-13837", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13837" ], "unique" : false }, { "id" : "CVE-2026-4224", "title" : "Stack overflow parsing XML with deeply nested DTD content models", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4224" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2026-3644", "title" : "Incomplete control character validation in http.cookies", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3644" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2025-12781", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-12781" ], "unique" : false }, { "id" : "CVE-2026-3446", "title" : "Base64 decoding stops at first padded quad by default", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3446" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2025-15282", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15282" ], "unique" : false }, { "id" : "CVE-2025-11468", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11468" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2026-1502", "title" : "HTTP client proxy tunnel headers not validated for CR/LF", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1502" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2026-2297", "title" : "SourcelessFileLoader does not use io.open_code()", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-2297" ], "unique" : false }, { "id" : "CVE-2026-3479", "title" : "pkgutil.get_data() does not enforce documented restrictions", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-3479" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false }, { "id" : "CVE-2025-13462", "title" : "tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-13462" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-pip-21.2.3-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch&distro=rhel-9.2&upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch&distro=rhel-9.2&upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-AutoLoader@5.74-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-B@1.80-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-base@2.27-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch&distro=rhel-9.2&upstream=perl-Digest-1.19-4.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch&distro=rhel-9.2&upstream=perl-constant-1.33-461.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=perl-Storable-3.21-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64&distro=rhel-9.2&upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm", "issues" : [ { "id" : "CVE-2023-43622", "title" : "Apache HTTP Server: DoS in HTTP/2 with initial windows size 0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-43622" ], "unique" : false }, { "id" : "CVE-2023-45802", "title" : "Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-45802" ], "unique" : false }, { "id" : "CVE-2024-27316", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-27316" ], "unique" : false }, { "id" : "CVE-2025-49630", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49630" ], "unique" : false }, { "id" : "CVE-2024-36387", "title" : "Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-36387" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64&distro=rhel-9.2&upstream=httpd-2.4.53-11.el9_2.5.src.rpm", "issues" : [ { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false }, { "id" : "CVE-2024-38475", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38475" ], "unique" : false }, { "id" : "CVE-2024-38476", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38476" ], "unique" : false }, { "id" : "CVE-2023-27522", "title" : "Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-27522" ], "unique" : false }, { "id" : "CVE-2023-31122", "title" : "Apache HTTP Server: mod_macro buffer over-read", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-31122" ], "unique" : false }, { "id" : "CVE-2024-38477", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-38477" ], "unique" : false }, { "id" : "CVE-2024-47252", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-47252" ], "unique" : false }, { "id" : "CVE-2025-23048", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23048" ], "unique" : false }, { "id" : "CVE-2025-49812", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49812" ], "unique" : false }, { "id" : "CVE-2024-39573", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-39573" ], "unique" : false }, { "id" : "CVE-2025-58098", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-58098" ], "unique" : false }, { "id" : "CVE-2023-38709", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38709" ], "unique" : false }, { "id" : "CVE-2025-65082", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-65082" ], "unique" : false }, { "id" : "CVE-2025-66200", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66200" ], "unique" : false }, { "id" : "CVE-2024-38473", "title" : "Apache HTTP Server proxy encoding problem", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38473" ], "unique" : false }, { "id" : "CVE-2024-24795", "title" : "Apache HTTP Server: HTTP Response Splitting in multiple modules", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24795" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64&distro=rhel-9.2&upstream=httpd-2.4.53-11.el9_2.5.src.rpm", "issues" : [ { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false }, { "id" : "CVE-2024-38475", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38475" ], "unique" : false }, { "id" : "CVE-2024-38476", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38476" ], "unique" : false }, { "id" : "CVE-2023-27522", "title" : "Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-27522" ], "unique" : false }, { "id" : "CVE-2023-31122", "title" : "Apache HTTP Server: mod_macro buffer over-read", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-31122" ], "unique" : false }, { "id" : "CVE-2024-38477", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-38477" ], "unique" : false }, { "id" : "CVE-2024-47252", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-47252" ], "unique" : false }, { "id" : "CVE-2025-23048", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23048" ], "unique" : false }, { "id" : "CVE-2025-49812", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49812" ], "unique" : false }, { "id" : "CVE-2024-39573", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-39573" ], "unique" : false }, { "id" : "CVE-2025-58098", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-58098" ], "unique" : false }, { "id" : "CVE-2023-38709", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38709" ], "unique" : false }, { "id" : "CVE-2025-65082", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-65082" ], "unique" : false }, { "id" : "CVE-2025-66200", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66200" ], "unique" : false }, { "id" : "CVE-2024-38473", "title" : "Apache HTTP Server proxy encoding problem", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38473" ], "unique" : false }, { "id" : "CVE-2024-24795", "title" : "Apache HTTP Server: HTTP Response Splitting in multiple modules", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24795" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch&distro=rhel-9.2&upstream=httpd-2.4.53-11.el9_2.5.src.rpm", "issues" : [ { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false }, { "id" : "CVE-2024-38475", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38475" ], "unique" : false }, { "id" : "CVE-2024-38476", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38476" ], "unique" : false }, { "id" : "CVE-2023-27522", "title" : "Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-27522" ], "unique" : false }, { "id" : "CVE-2023-31122", "title" : "Apache HTTP Server: mod_macro buffer over-read", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-31122" ], "unique" : false }, { "id" : "CVE-2024-38477", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-38477" ], "unique" : false }, { "id" : "CVE-2024-47252", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-47252" ], "unique" : false }, { "id" : "CVE-2025-23048", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23048" ], "unique" : false }, { "id" : "CVE-2025-49812", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49812" ], "unique" : false }, { "id" : "CVE-2025-59775", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-59775" ], "unique" : false }, { "id" : "CVE-2024-39573", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-39573" ], "unique" : false }, { "id" : "CVE-2025-58098", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-58098" ], "unique" : false }, { "id" : "CVE-2023-38709", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38709" ], "unique" : false }, { "id" : "CVE-2025-65082", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-65082" ], "unique" : false }, { "id" : "CVE-2025-66200", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66200" ], "unique" : false }, { "id" : "CVE-2024-38473", "title" : "Apache HTTP Server proxy encoding problem", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38473" ], "unique" : false }, { "id" : "CVE-2024-24795", "title" : "Apache HTTP Server: HTTP Response Splitting in multiple modules", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24795" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64&distro=rhel-9.2&upstream=nghttp2-1.43.0-5.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/apr@1.7.0-11.el9?arch=x86_64&distro=rhel-9.2&upstream=apr-1.7.0-11.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-24963", "title" : "Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-24963" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-24963", "title" : "Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-24963" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64&distro=rhel-9.2&epoch=2&upstream=shadow-utils-4.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false }, { "id" : "CVE-2024-56433", "title" : "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "source" : "redhat-csaf", "cvssScore" : 3.6, "severity" : "LOW", "cves" : [ "CVE-2024-56433" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=httpd-2.4.53-11.el9_2.5.src.rpm", "issues" : [ { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false }, { "id" : "CVE-2024-38475", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38475" ], "unique" : false }, { "id" : "CVE-2024-38476", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38476" ], "unique" : false }, { "id" : "CVE-2023-27522", "title" : "Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-27522" ], "unique" : false }, { "id" : "CVE-2023-31122", "title" : "Apache HTTP Server: mod_macro buffer over-read", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-31122" ], "unique" : false }, { "id" : "CVE-2024-38477", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-38477" ], "unique" : false }, { "id" : "CVE-2024-47252", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-47252" ], "unique" : false }, { "id" : "CVE-2025-23048", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23048" ], "unique" : false }, { "id" : "CVE-2025-49812", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49812" ], "unique" : false }, { "id" : "CVE-2024-39573", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-39573" ], "unique" : false }, { "id" : "CVE-2025-58098", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-58098" ], "unique" : false }, { "id" : "CVE-2023-38709", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38709" ], "unique" : false }, { "id" : "CVE-2025-65082", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-65082" ], "unique" : false }, { "id" : "CVE-2025-66200", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66200" ], "unique" : false }, { "id" : "CVE-2024-38473", "title" : "Apache HTTP Server proxy encoding problem", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38473" ], "unique" : false }, { "id" : "CVE-2024-24795", "title" : "Apache HTTP Server: HTTP Response Splitting in multiple modules", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24795" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64&distro=rhel-9.2&upstream=httpd-2.4.53-11.el9_2.5.src.rpm", "issues" : [ { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false }, { "id" : "CVE-2024-38475", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38475" ], "unique" : false }, { "id" : "CVE-2024-38476", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38476" ], "unique" : false }, { "id" : "CVE-2023-27522", "title" : "Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-27522" ], "unique" : false }, { "id" : "CVE-2023-31122", "title" : "Apache HTTP Server: mod_macro buffer over-read", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-31122" ], "unique" : false }, { "id" : "CVE-2024-38477", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-38477" ], "unique" : false }, { "id" : "CVE-2024-47252", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-47252" ], "unique" : false }, { "id" : "CVE-2025-23048", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23048" ], "unique" : false }, { "id" : "CVE-2025-49812", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49812" ], "unique" : false }, { "id" : "CVE-2024-39573", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-39573" ], "unique" : false }, { "id" : "CVE-2025-58098", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-58098" ], "unique" : false }, { "id" : "CVE-2023-38709", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38709" ], "unique" : false }, { "id" : "CVE-2025-65082", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-65082" ], "unique" : false }, { "id" : "CVE-2025-66200", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66200" ], "unique" : false }, { "id" : "CVE-2024-38473", "title" : "Apache HTTP Server proxy encoding problem", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38473" ], "unique" : false }, { "id" : "CVE-2024-24795", "title" : "Apache HTTP Server: HTTP Response Splitting in multiple modules", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24795" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64&distro=rhel-9.2&upstream=httpd-2.4.53-11.el9_2.5.src.rpm", "issues" : [ { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false }, { "id" : "CVE-2024-38475", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38475" ], "unique" : false }, { "id" : "CVE-2024-38476", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38476" ], "unique" : false }, { "id" : "CVE-2023-27522", "title" : "Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-27522" ], "unique" : false }, { "id" : "CVE-2023-31122", "title" : "Apache HTTP Server: mod_macro buffer over-read", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-31122" ], "unique" : false }, { "id" : "CVE-2024-38477", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-38477" ], "unique" : false }, { "id" : "CVE-2024-47252", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-47252" ], "unique" : false }, { "id" : "CVE-2025-23048", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23048" ], "unique" : false }, { "id" : "CVE-2025-49812", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49812" ], "unique" : false }, { "id" : "CVE-2024-39573", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-39573" ], "unique" : false }, { "id" : "CVE-2025-58098", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-58098" ], "unique" : false }, { "id" : "CVE-2023-38709", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38709" ], "unique" : false }, { "id" : "CVE-2025-65082", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-65082" ], "unique" : false }, { "id" : "CVE-2025-66200", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66200" ], "unique" : false }, { "id" : "CVE-2024-38473", "title" : "Apache HTTP Server proxy encoding problem", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38473" ], "unique" : false }, { "id" : "CVE-2024-24795", "title" : "Apache HTTP Server: HTTP Response Splitting in multiple modules", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24795" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch&distro=rhel-9.2&upstream=httpd-2.4.53-11.el9_2.5.src.rpm", "issues" : [ { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false }, { "id" : "CVE-2024-38475", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38475" ], "unique" : false }, { "id" : "CVE-2024-38476", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38476" ], "unique" : false }, { "id" : "CVE-2023-27522", "title" : "Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-27522" ], "unique" : false }, { "id" : "CVE-2023-31122", "title" : "Apache HTTP Server: mod_macro buffer over-read", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-31122" ], "unique" : false }, { "id" : "CVE-2024-38477", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-38477" ], "unique" : false }, { "id" : "CVE-2024-47252", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-47252" ], "unique" : false }, { "id" : "CVE-2025-23048", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23048" ], "unique" : false }, { "id" : "CVE-2025-49812", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49812" ], "unique" : false }, { "id" : "CVE-2025-59775", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-59775" ], "unique" : false }, { "id" : "CVE-2024-39573", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-39573" ], "unique" : false }, { "id" : "CVE-2025-58098", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-58098" ], "unique" : false }, { "id" : "CVE-2023-38709", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38709" ], "unique" : false }, { "id" : "CVE-2025-65082", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-65082" ], "unique" : false }, { "id" : "CVE-2025-66200", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66200" ], "unique" : false }, { "id" : "CVE-2024-38473", "title" : "Apache HTTP Server proxy encoding problem", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38473" ], "unique" : false }, { "id" : "CVE-2024-24795", "title" : "Apache HTTP Server: HTTP Response Splitting in multiple modules", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24795" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/apr@1.7.0-11.el9?arch=x86_64&distro=rhel-9.2&upstream=apr-1.7.0-11.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-24963", "title" : "Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-24963" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-24963", "title" : "Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-24963" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64&distro=rhel-9.2&epoch=2&upstream=shadow-utils-4.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false }, { "id" : "CVE-2024-56433", "title" : "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "source" : "redhat-csaf", "cvssScore" : 3.6, "severity" : "LOW", "cves" : [ "CVE-2024-56433" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64&distro=rhel-9.2&upstream=httpd-2.4.53-11.el9_2.5.src.rpm", "issues" : [ { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false }, { "id" : "CVE-2024-38475", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38475" ], "unique" : false }, { "id" : "CVE-2024-38476", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38476" ], "unique" : false }, { "id" : "CVE-2023-27522", "title" : "Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-27522" ], "unique" : false }, { "id" : "CVE-2023-31122", "title" : "Apache HTTP Server: mod_macro buffer over-read", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-31122" ], "unique" : false }, { "id" : "CVE-2024-38477", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-38477" ], "unique" : false }, { "id" : "CVE-2024-47252", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-47252" ], "unique" : false }, { "id" : "CVE-2025-23048", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23048" ], "unique" : false }, { "id" : "CVE-2025-49812", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49812" ], "unique" : false }, { "id" : "CVE-2024-39573", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-39573" ], "unique" : false }, { "id" : "CVE-2025-58098", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-58098" ], "unique" : false }, { "id" : "CVE-2023-38709", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38709" ], "unique" : false }, { "id" : "CVE-2025-65082", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-65082" ], "unique" : false }, { "id" : "CVE-2025-66200", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66200" ], "unique" : false }, { "id" : "CVE-2024-38473", "title" : "Apache HTTP Server proxy encoding problem", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38473" ], "unique" : false }, { "id" : "CVE-2024-24795", "title" : "Apache HTTP Server: HTTP Response Splitting in multiple modules", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24795" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64&distro=rhel-9.2&upstream=httpd-2.4.53-11.el9_2.5.src.rpm", "issues" : [ { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false }, { "id" : "CVE-2024-38475", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38475" ], "unique" : false }, { "id" : "CVE-2024-38476", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38476" ], "unique" : false }, { "id" : "CVE-2023-27522", "title" : "Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-27522" ], "unique" : false }, { "id" : "CVE-2023-31122", "title" : "Apache HTTP Server: mod_macro buffer over-read", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-31122" ], "unique" : false }, { "id" : "CVE-2024-38477", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-38477" ], "unique" : false }, { "id" : "CVE-2024-47252", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-47252" ], "unique" : false }, { "id" : "CVE-2025-23048", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23048" ], "unique" : false }, { "id" : "CVE-2025-49812", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49812" ], "unique" : false }, { "id" : "CVE-2024-39573", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-39573" ], "unique" : false }, { "id" : "CVE-2025-58098", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-58098" ], "unique" : false }, { "id" : "CVE-2023-38709", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38709" ], "unique" : false }, { "id" : "CVE-2025-65082", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-65082" ], "unique" : false }, { "id" : "CVE-2025-66200", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66200" ], "unique" : false }, { "id" : "CVE-2024-38473", "title" : "Apache HTTP Server proxy encoding problem", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38473" ], "unique" : false }, { "id" : "CVE-2024-24795", "title" : "Apache HTTP Server: HTTP Response Splitting in multiple modules", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24795" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64&distro=rhel-9.2&upstream=httpd-2.4.53-11.el9_2.5.src.rpm", "issues" : [ { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false }, { "id" : "CVE-2024-38475", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38475" ], "unique" : false }, { "id" : "CVE-2024-38476", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38476" ], "unique" : false }, { "id" : "CVE-2023-27522", "title" : "Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-27522" ], "unique" : false }, { "id" : "CVE-2023-31122", "title" : "Apache HTTP Server: mod_macro buffer over-read", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-31122" ], "unique" : false }, { "id" : "CVE-2024-38477", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-38477" ], "unique" : false }, { "id" : "CVE-2024-47252", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-47252" ], "unique" : false }, { "id" : "CVE-2025-23048", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23048" ], "unique" : false }, { "id" : "CVE-2025-49812", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49812" ], "unique" : false }, { "id" : "CVE-2024-39573", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-39573" ], "unique" : false }, { "id" : "CVE-2025-58098", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-58098" ], "unique" : false }, { "id" : "CVE-2023-38709", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38709" ], "unique" : false }, { "id" : "CVE-2025-65082", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-65082" ], "unique" : false }, { "id" : "CVE-2025-66200", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66200" ], "unique" : false }, { "id" : "CVE-2024-38473", "title" : "Apache HTTP Server proxy encoding problem", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38473" ], "unique" : false }, { "id" : "CVE-2024-24795", "title" : "Apache HTTP Server: HTTP Response Splitting in multiple modules", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24795" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch&distro=rhel-9.2&upstream=httpd-2.4.53-11.el9_2.5.src.rpm", "issues" : [ { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false }, { "id" : "CVE-2024-38475", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38475" ], "unique" : false }, { "id" : "CVE-2024-38476", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38476" ], "unique" : false }, { "id" : "CVE-2023-27522", "title" : "Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-27522" ], "unique" : false }, { "id" : "CVE-2023-31122", "title" : "Apache HTTP Server: mod_macro buffer over-read", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-31122" ], "unique" : false }, { "id" : "CVE-2024-38477", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-38477" ], "unique" : false }, { "id" : "CVE-2024-47252", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-47252" ], "unique" : false }, { "id" : "CVE-2025-23048", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23048" ], "unique" : false }, { "id" : "CVE-2025-49812", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49812" ], "unique" : false }, { "id" : "CVE-2025-59775", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-59775" ], "unique" : false }, { "id" : "CVE-2024-39573", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-39573" ], "unique" : false }, { "id" : "CVE-2025-58098", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-58098" ], "unique" : false }, { "id" : "CVE-2023-38709", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38709" ], "unique" : false }, { "id" : "CVE-2025-65082", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-65082" ], "unique" : false }, { "id" : "CVE-2025-66200", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66200" ], "unique" : false }, { "id" : "CVE-2024-38473", "title" : "Apache HTTP Server proxy encoding problem", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38473" ], "unique" : false }, { "id" : "CVE-2024-24795", "title" : "Apache HTTP Server: HTTP Response Splitting in multiple modules", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24795" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2026-28390", "title" : "Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-28390" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2025-9231", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9231" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2026-28388", "title" : "NULL Pointer Dereference When Processing a Delta CRL", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28388" ], "unique" : false }, { "id" : "CVE-2026-28389", "title" : "Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28389" ], "unique" : false }, { "id" : "CVE-2026-31790", "title" : "Incorrect Failure Handling in RSA KEM RSASVE Encapsulation", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-31790" ], "unique" : false }, { "id" : "CVE-2026-31789", "title" : "Heap Buffer Overflow in Hexadecimal Conversion", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2026-31789" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2026-28386", "title" : "Out-of-bounds Read in AES-CFB-128 on X86-64 with AVX-512 Support", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28386" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false }, { "id" : "CVE-2026-28387", "title" : "Potential Use-after-free in DANE Client Code", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-28387" ], "unique" : false }, { "id" : "CVE-2025-9232", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2025-9232" ], "unique" : false }, { "id" : "CVE-2026-2673", "title" : "OpenSSL TLS 1.3 server may choose unexpected key agreement group", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2026-2673" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch&distro=rhel-9.2&upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64&distro=rhel-9.2&upstream=pam-1.5.1-14.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-6020", "title" : "Linux-pam: linux-pam directory traversal", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-6020" ], "unique" : false }, { "id" : "CVE-2025-8941", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-8941" ], "unique" : false }, { "id" : "CVE-2024-10963", "title" : "Pam: improper hostname interpretation in pam_access leads to access control bypass", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-10963" ], "unique" : false }, { "id" : "CVE-2024-22365", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-22365" ], "unique" : false }, { "id" : "CVE-2024-10041", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-10041" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6020", "title" : "Linux-pam: linux-pam directory traversal", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-6020" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd@252-13.el9_2?arch=x86_64&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2026-29111", "title" : "systemd: Local unprivileged user can trigger an assert", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2026-29111" ], "unique" : false }, { "id" : "CVE-2026-40224", "title" : "In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace.", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-40224" ], "unique" : false }, { "id" : "CVE-2026-4105", "title" : "Systemd: systemd: privilege escalation via improper access control in registermachine d-bus method", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4105" ], "unique" : false }, { "id" : "CVE-2026-40225", "title" : "In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-40225" ], "unique" : false }, { "id" : "CVE-2026-40226", "title" : "In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-40226" ], "unique" : false }, { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2026-40227", "title" : "In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-40227" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false }, { "id" : "CVE-2026-40223", "title" : "In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User=<unset> unit exists and is running.", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-40223" ], "unique" : false }, { "id" : "CVE-2026-40228", "title" : "In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a \"logger -p emerg\" command is executed, if ForwardToWall=yes is set.", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-40228" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-29111", "title" : "systemd: Local unprivileged user can trigger an assert", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2026-29111" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat-devel@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libgcrypt-1.10.0-10.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false }, { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false }, { "id" : "CVE-2026-41990", "title" : "Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-41990" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=openldap-2.6.2-3.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=openldap-2.6.2-3.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch&distro=rhel-9.2&upstream=perl-constant-1.33-461.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libeconf@0.4.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=libeconf-0.4.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-22652", "title" : "Stack buffer overflow in \"read_file\" function", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22652" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-22652", "title" : "Stack buffer overflow in \"read_file\" function", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22652" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/apr-devel@1.7.0-11.el9?arch=x86_64&distro=rhel-9.2&upstream=apr-1.7.0-11.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-24963", "title" : "Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-24963" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-24963", "title" : "Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-24963" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/apr@1.7.0-11.el9?arch=x86_64&distro=rhel-9.2&upstream=apr-1.7.0-11.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-24963", "title" : "Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-24963" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-24963", "title" : "Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-24963" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=perl-Storable-3.21-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dbus-common@1.12.20-7.el9_1?arch=noarch&distro=rhel-9.2&epoch=1&upstream=dbus-1.12.20-7.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dbus@1.12.20-7.el9_1?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=dbus-1.12.20-7.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/util-linux-core@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libfdisk@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-pam@252-13.el9_2?arch=x86_64&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-rpm-macros@252-13.el9_2?arch=noarch&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64&distro=rhel-9.2&epoch=2&upstream=shadow-utils-4.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false }, { "id" : "CVE-2024-56433", "title" : "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "source" : "redhat-csaf", "cvssScore" : 3.6, "severity" : "LOW", "cves" : [ "CVE-2024-56433" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64&distro=rhel-9.2&upstream=apr-util-1.6.1-20.el9_2.1.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/apr@1.7.0-11.el9?arch=x86_64&distro=rhel-9.2&upstream=apr-1.7.0-11.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-24963", "title" : "Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-24963" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-24963", "title" : "Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-24963" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64&distro=rhel-9.2&upstream=freetype-2.10.4-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-27363", "title" : "An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-27363" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libxml2-2.9.13-3.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false }, { "id" : "CVE-2025-49794", "title" : "Libxml: heap use after free (uaf) leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49794" ], "unique" : false }, { "id" : "CVE-2025-49796", "title" : "Libxml: type confusion leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49796" ], "unique" : false }, { "id" : "CVE-2024-56171", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-56171" ], "unique" : false }, { "id" : "CVE-2025-24928", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24928" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2024-25062", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-25062" ], "unique" : false }, { "id" : "CVE-2025-32415", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-32415" ], "unique" : false }, { "id" : "CVE-2025-49795", "title" : "Libxml: null pointer dereference leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49795" ], "unique" : false }, { "id" : "CVE-2025-6021", "title" : "Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6021" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2023-39615", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39615" ], "unique" : false }, { "id" : "CVE-2026-6732", "title" : "Libxml2: libxml2: denial of service via crafted xsd-validated document", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-6732" ], "unique" : false }, { "id" : "CVE-2025-9714", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9714" ], "unique" : false }, { "id" : "CVE-2026-1757", "title" : "Libxml2: memory leak leading to local denial of service in xmllint interactive shell", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1757" ], "unique" : false }, { "id" : "CVE-2022-49043", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49043" ], "unique" : false }, { "id" : "CVE-2023-28484", "title" : "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28484" ], "unique" : false }, { "id" : "CVE-2023-29469", "title" : "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29469" ], "unique" : false }, { "id" : "CVE-2026-0990", "title" : "Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0990" ], "unique" : false }, { "id" : "CVE-2025-32414", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32414" ], "unique" : false }, { "id" : "CVE-2025-26434", "title" : "In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-26434" ], "unique" : false }, { "id" : "CVE-2026-0989", "title" : "Libxml2: unbounded relaxng include recursion leading to stack overflow", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0989" ], "unique" : false }, { "id" : "CVE-2026-0992", "title" : "Libxml2: libxml2: denial of service via crafted xml catalogs", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-0992" ], "unique" : false }, { "id" : "CVE-2025-6170", "title" : "Libxml2: stack buffer overflow in xmllint interactive shell command handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-6170" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-setuptools-53.0.0-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/graphite2@1.3.14-9.el9?arch=x86_64&distro=rhel-9.2&upstream=graphite2-1.3.14-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2017-5436", "title" : "An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2017-5436" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2017-5436", "title" : "An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2017-5436" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2026-5713", "title" : "Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5713" ], "unique" : false }, { "id" : "CVE-2025-13837", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13837" ], "unique" : false }, { "id" : "CVE-2026-4224", "title" : "Stack overflow parsing XML with deeply nested DTD content models", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4224" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2026-3644", "title" : "Incomplete control character validation in http.cookies", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3644" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2025-12781", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-12781" ], "unique" : false }, { "id" : "CVE-2026-3446", "title" : "Base64 decoding stops at first padded quad by default", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3446" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2025-15282", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15282" ], "unique" : false }, { "id" : "CVE-2025-11468", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11468" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2026-1502", "title" : "HTTP client proxy tunnel headers not validated for CR/LF", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1502" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2026-2297", "title" : "SourcelessFileLoader does not use io.open_code()", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-2297" ], "unique" : false }, { "id" : "CVE-2026-3479", "title" : "pkgutil.get_data() does not enforce documented restrictions", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-3479" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false }, { "id" : "CVE-2025-13462", "title" : "tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-13462" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/freetype@2.10.4-9.el9?arch=x86_64&distro=rhel-9.2&upstream=freetype-2.10.4-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-27363", "title" : "An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-27363" ], "unique" : false }, { "id" : "CVE-2026-23865", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-23865" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-27363", "title" : "An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-27363" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64&distro=rhel-9.2&upstream=freetype-2.10.4-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-27363", "title" : "An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-27363" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-27363", "title" : "An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-27363" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libX11-common@1.7.0-7.el9?arch=noarch&distro=rhel-9.2&upstream=libX11-1.7.0-7.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false }, { "id" : "CVE-2023-3138", "title" : "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-3138" ], "unique" : false }, { "id" : "CVE-2023-43785", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43785" ], "unique" : false }, { "id" : "CVE-2023-43786", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43786" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libX11@1.7.0-7.el9?arch=x86_64&distro=rhel-9.2&upstream=libX11-1.7.0-7.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false }, { "id" : "CVE-2023-3138", "title" : "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-3138" ], "unique" : false }, { "id" : "CVE-2023-43785", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43785" ], "unique" : false }, { "id" : "CVE-2023-43786", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43786" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64&distro=rhel-9.2&upstream=glib2-2.68.4-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false }, { "id" : "CVE-2024-52533", "title" : "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\\0' character.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-52533" ], "unique" : false }, { "id" : "CVE-2023-32611", "title" : "G_variant_byteswap() can take a long time with some non-normal inputs", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32611" ], "unique" : false }, { "id" : "CVE-2023-32665", "title" : "Gvariant deserialisation does not match spec for non-normal data", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32665" ], "unique" : false }, { "id" : "CVE-2025-14512", "title" : "Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14512" ], "unique" : false }, { "id" : "CVE-2023-29499", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29499" ], "unique" : false }, { "id" : "CVE-2025-14087", "title" : "Glib: glib: buffer underflow in gvariant parser leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14087" ], "unique" : false }, { "id" : "CVE-2025-4373", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4373" ], "unique" : false }, { "id" : "CVE-2024-34397", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2024-34397" ], "unique" : false }, { "id" : "CVE-2025-7039", "title" : "Glib: buffer under-read on glib through glib/gfileutils.c via get_tmp_file()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2025-7039" ], "unique" : false }, { "id" : "CVE-2026-0988", "title" : "Glib: glib: denial of service via integer overflow in g_buffered_input_stream_peek()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0988" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glib2-devel@2.68.4-6.el9?arch=x86_64&distro=rhel-9.2&upstream=glib2-2.68.4-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false }, { "id" : "CVE-2024-52533", "title" : "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\\0' character.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-52533" ], "unique" : false }, { "id" : "CVE-2023-32611", "title" : "G_variant_byteswap() can take a long time with some non-normal inputs", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32611" ], "unique" : false }, { "id" : "CVE-2023-32665", "title" : "Gvariant deserialisation does not match spec for non-normal data", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32665" ], "unique" : false }, { "id" : "CVE-2023-29499", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29499" ], "unique" : false }, { "id" : "CVE-2025-4373", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4373" ], "unique" : false }, { "id" : "CVE-2024-34397", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2024-34397" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libpng@1.6.37-12.el9?arch=x86_64&distro=rhel-9.2&epoch=2&upstream=libpng-1.6.37-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-33636", "title" : "LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2026-33636" ], "unique" : false }, { "id" : "CVE-2026-33416", "title" : "LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-33416" ], "unique" : false }, { "id" : "CVE-2025-64720", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-64720" ], "unique" : false }, { "id" : "CVE-2025-65018", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-65018" ], "unique" : false }, { "id" : "CVE-2025-66293", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-66293" ], "unique" : false }, { "id" : "CVE-2026-25646", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2026-25646" ], "unique" : false }, { "id" : "CVE-2026-22801", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22801" ], "unique" : false }, { "id" : "CVE-2025-28162", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-28162" ], "unique" : false }, { "id" : "CVE-2025-64506", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-64506" ], "unique" : false }, { "id" : "CVE-2026-22695", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22695" ], "unique" : false }, { "id" : "CVE-2026-3713", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3713" ], "unique" : false }, { "id" : "CVE-2025-28164", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-28164" ], "unique" : false }, { "id" : "CVE-2025-64505", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-64505" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-33636", "title" : "LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2026-33636" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/brotli-devel@1.0.9-6.el9?arch=x86_64&distro=rhel-9.2&upstream=brotli-1.0.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/brotli@1.0.9-6.el9?arch=x86_64&distro=rhel-9.2&upstream=brotli-1.0.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/harfbuzz-devel@2.7.4-8.el9?arch=x86_64&distro=rhel-9.2&upstream=harfbuzz-2.7.4-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-25193", "title" : "hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-25193" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-25193", "title" : "hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-25193" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64&distro=rhel-9.2&upstream=gnutls-3.7.6-20.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false }, { "id" : "CVE-2024-0567", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0567" ], "unique" : false }, { "id" : "CVE-2025-32988", "title" : "Gnutls: vulnerability in gnutls othername san export", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32988" ], "unique" : false }, { "id" : "CVE-2025-32990", "title" : "Gnutls: vulnerability in gnutls certtool template parsing", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32990" ], "unique" : false }, { "id" : "CVE-2025-6395", "title" : "Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6395" ], "unique" : false }, { "id" : "CVE-2023-5981", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5981" ], "unique" : false }, { "id" : "CVE-2024-12243", "title" : "Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12243" ], "unique" : false }, { "id" : "CVE-2024-28834", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28834" ], "unique" : false }, { "id" : "CVE-2025-14831", "title" : "Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14831" ], "unique" : false }, { "id" : "CVE-2025-32989", "title" : "Gnutls: vulnerability in gnutls sct extension parsing", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32989" ], "unique" : false }, { "id" : "CVE-2024-28835", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28835" ], "unique" : false }, { "id" : "CVE-2025-9820", "title" : "Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9820" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libbrotli@1.0.9-6.el9?arch=x86_64&distro=rhel-9.2&upstream=brotli-1.0.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/harfbuzz-icu@2.7.4-8.el9?arch=x86_64&distro=rhel-9.2&upstream=harfbuzz-2.7.4-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-25193", "title" : "hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-25193" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-25193", "title" : "hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-25193" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/harfbuzz@2.7.4-8.el9?arch=x86_64&distro=rhel-9.2&upstream=harfbuzz-2.7.4-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-25193", "title" : "hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-25193" ], "unique" : false }, { "id" : "CVE-2026-22693", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22693" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-25193", "title" : "hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-25193" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9?arch=x86_64&distro=rhel-9.2&epoch=2&upstream=libpng-1.6.37-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-64720", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-64720" ], "unique" : false }, { "id" : "CVE-2025-65018", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-65018" ], "unique" : false }, { "id" : "CVE-2025-66293", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-66293" ], "unique" : false }, { "id" : "CVE-2026-25646", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2026-25646" ], "unique" : false }, { "id" : "CVE-2026-22801", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22801" ], "unique" : false }, { "id" : "CVE-2026-22695", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22695" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-64720", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-64720" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64&distro=rhel-9.2&upstream=icu-67.1-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-5222", "title" : "Icu: stack buffer overflow in the srbroot::addtag function", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-5222" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-5222", "title" : "Icu: stack buffer overflow in the srbroot::addtag function", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-5222" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libicu@67.1-9.el9?arch=x86_64&distro=rhel-9.2&upstream=icu-67.1-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-5222", "title" : "Icu: stack buffer overflow in the srbroot::addtag function", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-5222" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-5222", "title" : "Icu: stack buffer overflow in the srbroot::addtag function", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-5222" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pixman@0.40.0-5.el9?arch=x86_64&distro=rhel-9.2&upstream=pixman-0.40.0-5.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-44638", "title" : "In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-44638" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-44638", "title" : "In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-44638" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount-devel@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid-devel@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-pip-21.2.3-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-devel@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64&distro=rhel-9.2&upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openssl-devel@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9_2.1.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64&distro=rhel-9.2&upstream=nghttp2-1.43.0-5.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64&distro=rhel-9.2&upstream=virt-what-1.25-3.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2026-28390", "title" : "Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-28390" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2025-9231", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9231" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2026-28388", "title" : "NULL Pointer Dereference When Processing a Delta CRL", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28388" ], "unique" : false }, { "id" : "CVE-2026-28389", "title" : "Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28389" ], "unique" : false }, { "id" : "CVE-2026-31790", "title" : "Incorrect Failure Handling in RSA KEM RSASVE Encapsulation", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-31790" ], "unique" : false }, { "id" : "CVE-2026-31789", "title" : "Heap Buffer Overflow in Hexadecimal Conversion", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2026-31789" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2026-28386", "title" : "Out-of-bounds Read in AES-CFB-128 on X86-64 with AVX-512 Support", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28386" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false }, { "id" : "CVE-2026-28387", "title" : "Potential Use-after-free in DANE Client Code", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-28387" ], "unique" : false }, { "id" : "CVE-2025-9232", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2025-9232" ], "unique" : false }, { "id" : "CVE-2026-2673", "title" : "OpenSSL TLS 1.3 server may choose unexpected key agreement group", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2026-2673" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64&distro=rhel-9.2&upstream=pam-1.5.1-14.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-6020", "title" : "Linux-pam: linux-pam directory traversal", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-6020" ], "unique" : false }, { "id" : "CVE-2025-8941", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-8941" ], "unique" : false }, { "id" : "CVE-2024-10963", "title" : "Pam: improper hostname interpretation in pam_access leads to access control bypass", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-10963" ], "unique" : false }, { "id" : "CVE-2024-22365", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-22365" ], "unique" : false }, { "id" : "CVE-2024-10041", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-10041" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6020", "title" : "Linux-pam: linux-pam directory traversal", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-6020" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libgcrypt-1.10.0-10.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false }, { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false }, { "id" : "CVE-2026-41990", "title" : "Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-41990" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dmidecode@3.3-7.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=dmidecode-3.3-7.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-30630", "title" : "Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. NOTE: Some third parties have indicated the fix in 3.5 does not adequately address the vulnerability. The argument is that the proposed patch prevents dmidecode from writing to an existing file. However, there are multiple attack vectors that would not require overwriting an existing file that would provide the same level of unauthorized privilege escalation (e.g. creating a new file in /etc/cron.hourly).", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-30630" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-30630", "title" : "Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. NOTE: Some third parties have indicated the fix in 3.5 does not adequately address the vulnerability. The argument is that the proposed patch prevents dmidecode from writing to an existing file. However, there are multiple attack vectors that would not require overwriting an existing file that would provide the same level of unauthorized privilege escalation (e.g. creating a new file in /etc/cron.hourly).", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-30630" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libeconf@0.4.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=libeconf-0.4.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-22652", "title" : "Stack buffer overflow in \"read_file\" function", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22652" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-22652", "title" : "Stack buffer overflow in \"read_file\" function", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22652" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libfdisk@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/util-linux-core@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64&distro=rhel-9.2&epoch=2&upstream=shadow-utils-4.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false }, { "id" : "CVE-2024-56433", "title" : "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "source" : "redhat-csaf", "cvssScore" : 3.6, "severity" : "LOW", "cves" : [ "CVE-2024-56433" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64&distro=rhel-9.2&upstream=httpd-2.4.53-11.el9_2.5.src.rpm", "issues" : [ { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false }, { "id" : "CVE-2024-38475", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38475" ], "unique" : false }, { "id" : "CVE-2024-38476", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38476" ], "unique" : false }, { "id" : "CVE-2023-27522", "title" : "Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-27522" ], "unique" : false }, { "id" : "CVE-2023-31122", "title" : "Apache HTTP Server: mod_macro buffer over-read", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-31122" ], "unique" : false }, { "id" : "CVE-2024-38477", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-38477" ], "unique" : false }, { "id" : "CVE-2024-47252", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-47252" ], "unique" : false }, { "id" : "CVE-2025-23048", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23048" ], "unique" : false }, { "id" : "CVE-2025-49812", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49812" ], "unique" : false }, { "id" : "CVE-2024-39573", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-39573" ], "unique" : false }, { "id" : "CVE-2025-58098", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-58098" ], "unique" : false }, { "id" : "CVE-2023-38709", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38709" ], "unique" : false }, { "id" : "CVE-2025-65082", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-65082" ], "unique" : false }, { "id" : "CVE-2025-66200", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66200" ], "unique" : false }, { "id" : "CVE-2024-38473", "title" : "Apache HTTP Server proxy encoding problem", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38473" ], "unique" : false }, { "id" : "CVE-2024-24795", "title" : "Apache HTTP Server: HTTP Response Splitting in multiple modules", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24795" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64&distro=rhel-9.2&upstream=httpd-2.4.53-11.el9_2.5.src.rpm", "issues" : [ { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false }, { "id" : "CVE-2024-38475", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38475" ], "unique" : false }, { "id" : "CVE-2024-38476", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38476" ], "unique" : false }, { "id" : "CVE-2023-27522", "title" : "Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-27522" ], "unique" : false }, { "id" : "CVE-2023-31122", "title" : "Apache HTTP Server: mod_macro buffer over-read", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-31122" ], "unique" : false }, { "id" : "CVE-2024-38477", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-38477" ], "unique" : false }, { "id" : "CVE-2024-47252", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-47252" ], "unique" : false }, { "id" : "CVE-2025-23048", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23048" ], "unique" : false }, { "id" : "CVE-2025-49812", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49812" ], "unique" : false }, { "id" : "CVE-2024-39573", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-39573" ], "unique" : false }, { "id" : "CVE-2025-58098", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-58098" ], "unique" : false }, { "id" : "CVE-2023-38709", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38709" ], "unique" : false }, { "id" : "CVE-2025-65082", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-65082" ], "unique" : false }, { "id" : "CVE-2025-66200", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66200" ], "unique" : false }, { "id" : "CVE-2024-38473", "title" : "Apache HTTP Server proxy encoding problem", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38473" ], "unique" : false }, { "id" : "CVE-2024-24795", "title" : "Apache HTTP Server: HTTP Response Splitting in multiple modules", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24795" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64&distro=rhel-9.2&upstream=httpd-2.4.53-11.el9_2.5.src.rpm", "issues" : [ { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false }, { "id" : "CVE-2024-38475", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38475" ], "unique" : false }, { "id" : "CVE-2024-38476", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38476" ], "unique" : false }, { "id" : "CVE-2023-27522", "title" : "Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-27522" ], "unique" : false }, { "id" : "CVE-2023-31122", "title" : "Apache HTTP Server: mod_macro buffer over-read", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-31122" ], "unique" : false }, { "id" : "CVE-2024-38477", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-38477" ], "unique" : false }, { "id" : "CVE-2024-47252", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-47252" ], "unique" : false }, { "id" : "CVE-2025-23048", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23048" ], "unique" : false }, { "id" : "CVE-2025-49812", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49812" ], "unique" : false }, { "id" : "CVE-2024-39573", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-39573" ], "unique" : false }, { "id" : "CVE-2025-58098", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-58098" ], "unique" : false }, { "id" : "CVE-2023-38709", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38709" ], "unique" : false }, { "id" : "CVE-2025-65082", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-65082" ], "unique" : false }, { "id" : "CVE-2025-66200", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66200" ], "unique" : false }, { "id" : "CVE-2024-38473", "title" : "Apache HTTP Server proxy encoding problem", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38473" ], "unique" : false }, { "id" : "CVE-2024-24795", "title" : "Apache HTTP Server: HTTP Response Splitting in multiple modules", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24795" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch&distro=rhel-9.2&upstream=httpd-2.4.53-11.el9_2.5.src.rpm", "issues" : [ { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false }, { "id" : "CVE-2024-38475", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38475" ], "unique" : false }, { "id" : "CVE-2024-38476", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38476" ], "unique" : false }, { "id" : "CVE-2023-27522", "title" : "Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-27522" ], "unique" : false }, { "id" : "CVE-2023-31122", "title" : "Apache HTTP Server: mod_macro buffer over-read", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-31122" ], "unique" : false }, { "id" : "CVE-2024-38477", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-38477" ], "unique" : false }, { "id" : "CVE-2024-47252", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-47252" ], "unique" : false }, { "id" : "CVE-2025-23048", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23048" ], "unique" : false }, { "id" : "CVE-2025-49812", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49812" ], "unique" : false }, { "id" : "CVE-2025-59775", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-59775" ], "unique" : false }, { "id" : "CVE-2024-39573", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-39573" ], "unique" : false }, { "id" : "CVE-2025-58098", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-58098" ], "unique" : false }, { "id" : "CVE-2023-38709", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38709" ], "unique" : false }, { "id" : "CVE-2025-65082", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-65082" ], "unique" : false }, { "id" : "CVE-2025-66200", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66200" ], "unique" : false }, { "id" : "CVE-2024-38473", "title" : "Apache HTTP Server proxy encoding problem", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38473" ], "unique" : false }, { "id" : "CVE-2024-24795", "title" : "Apache HTTP Server: HTTP Response Splitting in multiple modules", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24795" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=openldap-2.6.2-3.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/apr@1.7.0-11.el9?arch=x86_64&distro=rhel-9.2&upstream=apr-1.7.0-11.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-24963", "title" : "Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-24963" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-24963", "title" : "Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-24963" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64&distro=rhel-9.2&epoch=2&upstream=shadow-utils-4.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false }, { "id" : "CVE-2024-56433", "title" : "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "source" : "redhat-csaf", "cvssScore" : 3.6, "severity" : "LOW", "cves" : [ "CVE-2024-56433" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64&distro=rhel-9.2&upstream=binutils-2.35.2-37.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-4285", "title" : "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4285" ], "unique" : false }, { "id" : "CVE-2025-11082", "title" : "GNU Binutils Linker elf-eh-frame.c _bfd_elf_parse_eh_frame heap-based overflow", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11082" ], "unique" : false }, { "id" : "CVE-2025-11083", "title" : "GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11083" ], "unique" : false }, { "id" : "CVE-2025-5244", "title" : "GNU Binutils ld elflink.c elf_gc_sweep memory corruption", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5244" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9_2.1.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64&distro=rhel-9.2&upstream=nghttp2-1.43.0-5.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64&distro=rhel-9.2&upstream=binutils-2.35.2-37.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-4285", "title" : "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4285" ], "unique" : false }, { "id" : "CVE-2025-11082", "title" : "GNU Binutils Linker elf-eh-frame.c _bfd_elf_parse_eh_frame heap-based overflow", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11082" ], "unique" : false }, { "id" : "CVE-2025-11083", "title" : "GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11083" ], "unique" : false }, { "id" : "CVE-2025-5244", "title" : "GNU Binutils ld elflink.c elf_gc_sweep memory corruption", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5244" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-4285", "title" : "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4285" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/binutils@2.35.2-37.el9?arch=x86_64&distro=rhel-9.2&upstream=binutils-2.35.2-37.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-4285", "title" : "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4285" ], "unique" : false }, { "id" : "CVE-2025-11081", "title" : "GNU Binutils objdump.c dump_dwarf_section out-of-bounds", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11081" ], "unique" : false }, { "id" : "CVE-2025-11082", "title" : "GNU Binutils Linker elf-eh-frame.c _bfd_elf_parse_eh_frame heap-based overflow", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11082" ], "unique" : false }, { "id" : "CVE-2025-11083", "title" : "GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11083" ], "unique" : false }, { "id" : "CVE-2025-11413", "title" : "GNU Binutils Linker elflink.c elf_link_add_object_symbols out-of-bounds", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11413" ], "unique" : false }, { "id" : "CVE-2025-5244", "title" : "GNU Binutils ld elflink.c elf_gc_sweep memory corruption", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5244" ], "unique" : false }, { "id" : "CVE-2025-11412", "title" : "GNU Binutils Linker elflink.c bfd_elf_gc_record_vtentry out-of-bounds", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-11412" ], "unique" : false }, { "id" : "CVE-2025-11414", "title" : "GNU Binutils Linker elflink.c get_link_hash_entry out-of-bounds", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-11414" ], "unique" : false }, { "id" : "CVE-2025-11494", "title" : "GNU Binutils Linker elfxx-x86.c _bfd_x86_elf_late_size_sections out-of-bounds", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-11494" ], "unique" : false }, { "id" : "CVE-2025-11495", "title" : "GNU Binutils Linker elf64-x86-64.c elf_x86_64_relocate_section heap-based overflow", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-11495" ], "unique" : false }, { "id" : "CVE-2025-11839", "title" : "GNU Binutils prdbg.c tg_tag_type return value", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-11839" ], "unique" : false }, { "id" : "CVE-2025-11840", "title" : "GNU Binutils ldmisc.c vfinfo out-of-bounds", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-11840" ], "unique" : false }, { "id" : "CVE-2025-66861", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-66861" ], "unique" : false }, { "id" : "CVE-2025-66862", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-66862" ], "unique" : false }, { "id" : "CVE-2025-66863", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-66863" ], "unique" : false }, { "id" : "CVE-2025-66864", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-66864" ], "unique" : false }, { "id" : "CVE-2025-66865", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-66865" ], "unique" : false }, { "id" : "CVE-2025-66866", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-66866" ], "unique" : false }, { "id" : "CVE-2025-69647", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-69647" ], "unique" : false }, { "id" : "CVE-2025-69648", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-69648" ], "unique" : false }, { "id" : "CVE-2025-69649", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-69649" ], "unique" : false }, { "id" : "CVE-2025-69650", "title" : "GNU Binutils thru 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dump_relocations may return early without initializing the all_relocations array. As a result, process_got_section_contents() may pass an uninitialized r_symbol pointer to free(), leading to a double free and terminating the program with SIGABRT. No evidence of exploitable memory corruption or code execution was observed; the impact is limited to denial of service. NOTE: this is disputed by third parties because the observed behavior occurred only in pre-release code and did not affect any tagged version.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-69650" ], "unique" : false }, { "id" : "CVE-2025-69652", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-69652" ], "unique" : false }, { "id" : "CVE-2025-69645", "source" : "redhat-csaf", "cvssScore" : 2.8, "severity" : "LOW", "cves" : [ "CVE-2025-69645" ], "unique" : false }, { "id" : "CVE-2025-69646", "source" : "redhat-csaf", "cvssScore" : 2.8, "severity" : "LOW", "cves" : [ "CVE-2025-69646" ], "unique" : false }, { "id" : "CVE-2025-69651", "title" : "GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations returns early due to parsing errors, the internal all_relocations array may remain partially uninitialized. Later, process_got_section_contents() may attempt to free an invalid r_symbol pointer, triggering memory corruption checks in glibc and causing the program to terminate with SIGABRT. No evidence of further memory corruption or code execution was observed; the impact is limited to denial of service. NOTE: this is disputed by third parties because the observed behavior occurred only in pre-release code and did not affect any tagged version.", "source" : "redhat-csaf", "cvssScore" : 2.8, "severity" : "LOW", "cves" : [ "CVE-2025-69651" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-4285", "title" : "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4285" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-setuptools-53.0.0-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-setuptools-53.0.0-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2026-5713", "title" : "Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5713" ], "unique" : false }, { "id" : "CVE-2025-13837", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13837" ], "unique" : false }, { "id" : "CVE-2026-4224", "title" : "Stack overflow parsing XML with deeply nested DTD content models", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4224" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2026-3644", "title" : "Incomplete control character validation in http.cookies", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3644" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2025-12781", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-12781" ], "unique" : false }, { "id" : "CVE-2026-3446", "title" : "Base64 decoding stops at first padded quad by default", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3446" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2025-15282", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15282" ], "unique" : false }, { "id" : "CVE-2025-11468", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11468" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2026-1502", "title" : "HTTP client proxy tunnel headers not validated for CR/LF", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1502" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2026-2297", "title" : "SourcelessFileLoader does not use io.open_code()", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-2297" ], "unique" : false }, { "id" : "CVE-2026-3479", "title" : "pkgutil.get_data() does not enforce documented restrictions", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-3479" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false }, { "id" : "CVE-2025-13462", "title" : "tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-13462" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-pip-21.2.3-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch&distro=rhel-9.2&upstream=cmake-3.20.2-8.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libxml2-2.9.13-3.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false }, { "id" : "CVE-2025-49794", "title" : "Libxml: heap use after free (uaf) leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49794" ], "unique" : false }, { "id" : "CVE-2025-49796", "title" : "Libxml: type confusion leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49796" ], "unique" : false }, { "id" : "CVE-2024-56171", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-56171" ], "unique" : false }, { "id" : "CVE-2025-24928", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24928" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2024-25062", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-25062" ], "unique" : false }, { "id" : "CVE-2025-32415", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-32415" ], "unique" : false }, { "id" : "CVE-2025-49795", "title" : "Libxml: null pointer dereference leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49795" ], "unique" : false }, { "id" : "CVE-2025-6021", "title" : "Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6021" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2023-39615", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39615" ], "unique" : false }, { "id" : "CVE-2026-6732", "title" : "Libxml2: libxml2: denial of service via crafted xsd-validated document", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-6732" ], "unique" : false }, { "id" : "CVE-2025-9714", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9714" ], "unique" : false }, { "id" : "CVE-2026-1757", "title" : "Libxml2: memory leak leading to local denial of service in xmllint interactive shell", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1757" ], "unique" : false }, { "id" : "CVE-2022-49043", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49043" ], "unique" : false }, { "id" : "CVE-2023-28484", "title" : "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28484" ], "unique" : false }, { "id" : "CVE-2023-29469", "title" : "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29469" ], "unique" : false }, { "id" : "CVE-2026-0990", "title" : "Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0990" ], "unique" : false }, { "id" : "CVE-2025-32414", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32414" ], "unique" : false }, { "id" : "CVE-2025-26434", "title" : "In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-26434" ], "unique" : false }, { "id" : "CVE-2026-0989", "title" : "Libxml2: unbounded relaxng include recursion leading to stack overflow", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0989" ], "unique" : false }, { "id" : "CVE-2026-0992", "title" : "Libxml2: libxml2: denial of service via crafted xml catalogs", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-0992" ], "unique" : false }, { "id" : "CVE-2025-6170", "title" : "Libxml2: stack buffer overflow in xmllint interactive shell command handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-6170" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-setuptools-53.0.0-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2026-5713", "title" : "Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5713" ], "unique" : false }, { "id" : "CVE-2025-13837", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13837" ], "unique" : false }, { "id" : "CVE-2026-4224", "title" : "Stack overflow parsing XML with deeply nested DTD content models", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4224" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2026-3644", "title" : "Incomplete control character validation in http.cookies", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3644" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2025-12781", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-12781" ], "unique" : false }, { "id" : "CVE-2026-3446", "title" : "Base64 decoding stops at first padded quad by default", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3446" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2025-15282", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15282" ], "unique" : false }, { "id" : "CVE-2025-11468", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11468" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2026-1502", "title" : "HTTP client proxy tunnel headers not validated for CR/LF", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1502" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2026-2297", "title" : "SourcelessFileLoader does not use io.open_code()", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-2297" ], "unique" : false }, { "id" : "CVE-2026-3479", "title" : "pkgutil.get_data() does not enforce documented restrictions", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-3479" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false }, { "id" : "CVE-2025-13462", "title" : "tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-13462" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9_2.1.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27535", "title" : "An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27535" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64&distro=rhel-9.2&upstream=libarchive-3.5.3-4.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-5914", "title" : "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-5914" ], "unique" : false }, { "id" : "CVE-2026-4111", "title" : "Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-4111" ], "unique" : false }, { "id" : "CVE-2026-4424", "title" : "Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-4424" ], "unique" : false }, { "id" : "CVE-2026-5121", "title" : "Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-5121" ], "unique" : false }, { "id" : "CVE-2025-60753", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-60753" ], "unique" : false }, { "id" : "CVE-2024-57970", "title" : "libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-57970" ], "unique" : false }, { "id" : "CVE-2025-25724", "title" : "list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-25724" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-5914", "title" : "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-5914" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64&distro=rhel-9.2&upstream=nghttp2-1.43.0-5.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm-libs@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-pip-21.2.3-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-devel@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/kernel-headers@5.14.0-284.11.1.el9_2?arch=x86_64&distro=rhel-9.2&upstream=kernel-5.14.0-284.11.1.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-44466", "title" : "An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-44466" ], "unique" : false }, { "id" : "CVE-2024-5154", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-5154" ], "unique" : false }, { "id" : "CVE-2025-21927", "title" : "nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()", "source" : "redhat-csaf", "cvssScore" : 8.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21927" ], "unique" : false }, { "id" : "CVE-2023-1652", "title" : "A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. This issue could allow a local attacker to crash the system or it may lead to a kernel information leak problem.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-1652" ], "unique" : false }, { "id" : "CVE-2023-52922", "title" : "can: bcm: Fix UAF in bcm_proc_show()", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-52922" ], "unique" : false }, { "id" : "CVE-2024-36971", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2024-36971" ], "unique" : false }, { "id" : "CVE-2025-21756", "title" : "vsock: Keep the binding until socket destruction", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-21756" ], "unique" : false }, { "id" : "CVE-2025-22020", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-22020" ], "unique" : false }, { "id" : "CVE-2025-38052", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-38052" ], "unique" : false }, { "id" : "CVE-2025-38087", "title" : "net/sched: fix use-after-free in taprio_dev_notifier", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-38087" ], "unique" : false }, { "id" : "CVE-2022-41723", "title" : "Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-41723" ], "unique" : false }, { "id" : "CVE-2025-38471", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-38471" ], "unique" : false }, { "id" : "CVE-2024-42284", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-42284" ], "unique" : false }, { "id" : "CVE-2024-53104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-53104" ], "unique" : false }, { "id" : "CVE-2025-37750", "title" : "smb: client: fix UAF in decryption with multichannel", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-37750" ], "unique" : false }, { "id" : "CVE-2025-38250", "title" : "Bluetooth: hci_core: Fix use-after-free in vhci_flush()", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-38250" ], "unique" : false }, { "id" : "CVE-2022-49846", "title" : "udf: Fix a slab-out-of-bounds write bug in udf_find_entry()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2022-49846" ], "unique" : false }, { "id" : "CVE-2023-52933", "title" : "Squashfs: fix handling and sanity checking of xattr_ids count", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-52933" ], "unique" : false }, { "id" : "CVE-2023-53751", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-53751" ], "unique" : false }, { "id" : "CVE-2023-6606", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-6606" ], "unique" : false }, { "id" : "CVE-2023-6610", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-6610" ], "unique" : false }, { "id" : "CVE-2024-35937", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2024-35937" ], "unique" : false }, { "id" : "CVE-2024-38538", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2024-38538" ], "unique" : false }, { "id" : "CVE-2024-53150", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2024-53150" ], "unique" : false }, { "id" : "CVE-2024-57947", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2024-57947" ], "unique" : false }, { "id" : "CVE-2025-21887", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21887" ], "unique" : false }, { "id" : "CVE-2025-21893", "title" : "keys: Fix UAF in key_put()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21893" ], "unique" : false }, { "id" : "CVE-2025-21920", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21920" ], "unique" : false }, { "id" : "CVE-2025-21969", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21969" ], "unique" : false }, { "id" : "CVE-2025-21979", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21979" ], "unique" : false }, { "id" : "CVE-2025-21993", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21993" ], "unique" : false }, { "id" : "CVE-2025-21997", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21997" ], "unique" : false }, { "id" : "CVE-2025-22026", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-22026" ], "unique" : false }, { "id" : "CVE-2025-22055", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-22055" ], "unique" : false }, { "id" : "CVE-2025-22058", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-22058" ], "unique" : false }, { "id" : "CVE-2025-22104", "title" : "ibmvnic: Use kernel helpers for hex dumps", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-22104" ], "unique" : false }, { "id" : "CVE-2025-22113", "title" : "ext4: avoid journaling sb update on error if journal is destroying", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-22113" ], "unique" : false }, { "id" : "CVE-2025-22121", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-22121" ], "unique" : false }, { "id" : "CVE-2025-37738", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-37738" ], "unique" : false }, { "id" : "CVE-2025-37799", "title" : "vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-37799" ], "unique" : false }, { "id" : "CVE-2025-38264", "title" : "nvme-tcp: sanitize request list handling", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-38264" ], "unique" : false }, { "id" : "CVE-2022-49977", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-49977" ], "unique" : false }, { "id" : "CVE-2022-50066", "title" : "net: atlantic: fix aq_vec index out of range error", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-50066" ], "unique" : false }, { "id" : "CVE-2023-53047", "title" : "tee: amdtee: fix race condition in amdtee_open_session", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-53047" ], "unique" : false }, { "id" : "CVE-2023-53107", "title" : "veth: Fix use after free in XDP_REDIRECT", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-53107" ], "unique" : false }, { "id" : "CVE-2023-6932", "title" : "Use-after-free in Linux kernel's ipv4: igmp component", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-6932" ], "unique" : false }, { "id" : "CVE-2024-0646", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-0646" ], "unique" : false }, { "id" : "CVE-2024-46858", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-46858" ], "unique" : false }, { "id" : "CVE-2024-50154", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-50154" ], "unique" : false }, { "id" : "CVE-2024-53141", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-53141" ], "unique" : false }, { "id" : "CVE-2025-21727", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21727" ], "unique" : false }, { "id" : "CVE-2025-21764", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21764" ], "unique" : false }, { "id" : "CVE-2025-21867", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21867" ], "unique" : false }, { "id" : "CVE-2025-21919", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21919" ], "unique" : false }, { "id" : "CVE-2025-21926", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21926" ], "unique" : false }, { "id" : "CVE-2025-21966", "title" : "dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21966" ], "unique" : false }, { "id" : "CVE-2025-22004", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-22004" ], "unique" : false }, { "id" : "CVE-2025-22126", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-22126" ], "unique" : false }, { "id" : "CVE-2025-37797", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-37797" ], "unique" : false }, { "id" : "CVE-2025-37803", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-37803" ], "unique" : false }, { "id" : "CVE-2025-37890", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-37890" ], "unique" : false }, { "id" : "CVE-2025-37914", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-37914" ], "unique" : false }, { "id" : "CVE-2025-37943", "title" : "wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-37943" ], "unique" : false }, { "id" : "CVE-2025-38079", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-38079" ], "unique" : false }, { "id" : "CVE-2025-38086", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-38086" ], "unique" : false }, { "id" : "CVE-2025-38124", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-38124" ], "unique" : false }, { "id" : "CVE-2025-38177", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-38177" ], "unique" : false }, { "id" : "CVE-2025-38200", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-38200" ], "unique" : false }, { "id" : "CVE-2025-38332", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-38332" ], "unique" : false }, { "id" : "CVE-2022-50616", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-50616" ], "unique" : false }, { "id" : "CVE-2024-56614", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-56614" ], "unique" : false }, { "id" : "CVE-2024-56615", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-56615" ], "unique" : false }, { "id" : "CVE-2025-21883", "title" : "ice: Fix deinitializing VF in error path", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21883" ], "unique" : false }, { "id" : "CVE-2025-21928", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21928" ], "unique" : false }, { "id" : "CVE-2025-21929", "title" : "HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21929" ], "unique" : false }, { "id" : "CVE-2025-21991", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21991" ], "unique" : false }, { "id" : "CVE-2025-22085", "title" : "RDMA/core: Fix use-after-free when rename device name", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-22085" ], "unique" : false }, { "id" : "CVE-2021-47383", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2021-47383" ], "unique" : false }, { "id" : "CVE-2025-21759", "title" : "ipv6: mcast: extend RCU protection in igmp6_send()", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21759" ], "unique" : false }, { "id" : "CVE-2023-28746", "title" : "Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28746" ], "unique" : false }, { "id" : "CVE-2023-6356", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6356" ], "unique" : false }, { "id" : "CVE-2023-6535", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6535" ], "unique" : false }, { "id" : "CVE-2023-6536", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6536" ], "unique" : false }, { "id" : "CVE-2024-21823", "title" : "Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable escalation of privilege local access", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-21823" ], "unique" : false }, { "id" : "CVE-2025-21999", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21999" ], "unique" : false }, { "id" : "CVE-2025-38350", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-38350" ], "unique" : false }, { "id" : "CVE-2024-46695", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-46695" ], "unique" : false }, { "id" : "CVE-2024-50275", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50275" ], "unique" : false }, { "id" : "CVE-2024-42292", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2024-42292" ], "unique" : false }, { "id" : "CVE-2024-50302", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50302" ], "unique" : false }, { "id" : "CVE-2022-49395", "title" : "um: Fix out-of-bounds read in LDT setup", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49395" ], "unique" : false }, { "id" : "CVE-2023-5090", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5090" ], "unique" : false }, { "id" : "CVE-2024-26664", "title" : "hwmon: (coretemp) Fix out-of-bounds memory access", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26664" ], "unique" : false }, { "id" : "CVE-2024-50264", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50264" ], "unique" : false }, { "id" : "CVE-2025-38110", "title" : "net/mdiobus: Fix potential out-of-bounds clause 45 read/write access", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-38110" ], "unique" : false }, { "id" : "CVE-2024-53122", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-53122" ], "unique" : false }, { "id" : "CVE-2024-53197", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-53197" ], "unique" : false }, { "id" : "CVE-2024-36941", "title" : "wifi: nl80211: don't free NULL coalescing rule", "source" : "redhat-csaf", "cvssScore" : 5.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-36941" ], "unique" : false }, { "id" : "CVE-2024-38627", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38627" ], "unique" : false }, { "id" : "CVE-2022-50042", "title" : "net: genl: fix error path memory leak in policy dumping", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-50042" ], "unique" : false }, { "id" : "CVE-2023-1074", "title" : "A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1074" ], "unique" : false }, { "id" : "CVE-2023-45862", "title" : "An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-45862" ], "unique" : false }, { "id" : "CVE-2023-52490", "title" : "mm: migrate: fix getting incorrect page mapping during page migration", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-52490" ], "unique" : false }, { "id" : "CVE-2023-52658", "title" : "Revert \"net/mlx5: Block entering switchdev mode with ns inconsistency\"", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-52658" ], "unique" : false }, { "id" : "CVE-2023-53597", "title" : "cifs: fix mid leak during reconnection after timeout threshold", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-53597" ], "unique" : false }, { "id" : "CVE-2023-53704", "title" : "clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe()", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-53704" ], "unique" : false }, { "id" : "CVE-2023-54004", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-54004" ], "unique" : false }, { "id" : "CVE-2023-54093", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-54093" ], "unique" : false }, { "id" : "CVE-2023-54271", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-54271" ], "unique" : false }, { "id" : "CVE-2023-7192", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7192" ], "unique" : false }, { "id" : "CVE-2024-0443", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0443" ], "unique" : false }, { "id" : "CVE-2024-26615", "title" : "net/smc: fix illegal rmb_desc access in SMC-D connection dump", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26615" ], "unique" : false }, { "id" : "CVE-2024-26878", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26878" ], "unique" : false }, { "id" : "CVE-2024-27046", "title" : "nfp: flower: handle acti_netdevs allocation failure", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-27046" ], "unique" : false }, { "id" : "CVE-2024-27052", "title" : "wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-27052" ], "unique" : false }, { "id" : "CVE-2024-35789", "title" : "wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35789" ], "unique" : false }, { "id" : "CVE-2024-35852", "title" : "mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35852" ], "unique" : false }, { "id" : "CVE-2024-35890", "title" : "gro: fix ownership transfer", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35890" ], "unique" : false }, { "id" : "CVE-2024-35907", "title" : "mlxbf_gige: call request_irq() after NAPI initialized", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35907" ], "unique" : false }, { "id" : "CVE-2024-35952", "title" : "drm/ast: Fix soft lockup", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35952" ], "unique" : false }, { "id" : "CVE-2024-35989", "title" : "dmaengine: idxd: Fix oops during rmmod on single-CPU platforms", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35989" ], "unique" : false }, { "id" : "CVE-2024-39483", "title" : "KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-39483" ], "unique" : false }, { "id" : "CVE-2024-40959", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-40959" ], "unique" : false }, { "id" : "CVE-2024-41035", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-41035" ], "unique" : false }, { "id" : "CVE-2024-41064", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-41064" ], "unique" : false }, { "id" : "CVE-2024-42079", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-42079" ], "unique" : false }, { "id" : "CVE-2024-42272", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-42272" ], "unique" : false }, { "id" : "CVE-2024-42283", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-42283" ], "unique" : false }, { "id" : "CVE-2024-42322", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-42322" ], "unique" : false }, { "id" : "CVE-2024-43854", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-43854" ], "unique" : false }, { "id" : "CVE-2024-44990", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-44990" ], "unique" : false }, { "id" : "CVE-2024-44994", "title" : "iommu: Restore lost return in iommu_report_device_fault()", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-44994" ], "unique" : false }, { "id" : "CVE-2024-45018", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45018" ], "unique" : false }, { "id" : "CVE-2024-46713", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-46713" ], "unique" : false }, { "id" : "CVE-2024-46824", "title" : "iommufd: Require drivers to supply the cache_invalidate_user ops", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-46824" ], "unique" : false }, { "id" : "CVE-2024-49949", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-49949" ], "unique" : false }, { "id" : "CVE-2024-50208", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50208" ], "unique" : false }, { "id" : "CVE-2024-50251", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50251" ], "unique" : false }, { "id" : "CVE-2024-50252", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50252" ], "unique" : false }, { "id" : "CVE-2024-53113", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-53113" ], "unique" : false }, { "id" : "CVE-2025-21669", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21669" ], "unique" : false }, { "id" : "CVE-2025-21962", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21962" ], "unique" : false }, { "id" : "CVE-2025-21963", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21963" ], "unique" : false }, { "id" : "CVE-2025-21964", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21964" ], "unique" : false }, { "id" : "CVE-2025-37785", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-37785" ], "unique" : false }, { "id" : "CVE-2025-38234", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-38234" ], "unique" : false }, { "id" : "CVE-2023-52448", "title" : "gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-52448" ], "unique" : false }, { "id" : "CVE-2023-53755", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-53755" ], "unique" : false }, { "id" : "CVE-2024-47745", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-47745" ], "unique" : false }, { "id" : "CVE-2024-53088", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-53088" ], "unique" : false }, { "id" : "CVE-2025-21961", "title" : "eth: bnxt: fix truesize for mb-xdp-pass case", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21961" ], "unique" : false }, { "id" : "CVE-2025-22036", "title" : "exfat: fix random stack corruption after get_block", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-22036" ], "unique" : false }, { "id" : "CVE-2025-38417", "title" : "ice: fix eswitch code memory leak in reset scenario", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-38417" ], "unique" : false }, { "id" : "CVE-2023-52771", "title" : "cxl/port: Fix delete_endpoint() vs parent unregistration race", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2023-52771" ], "unique" : false }, { "id" : "CVE-2023-52864", "title" : "platform/x86: wmi: Fix opening of char device", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2023-52864" ], "unique" : false }, { "id" : "CVE-2024-26855", "title" : "net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26855" ], "unique" : false }, { "id" : "CVE-2024-35845", "title" : "wifi: iwlwifi: dbg-tlv: ensure NUL termination", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35845" ], "unique" : false }, { "id" : "CVE-2024-36922", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-36922" ], "unique" : false }, { "id" : "CVE-2024-38555", "title" : "net/mlx5: Discard command completions in internal error", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38555" ], "unique" : false }, { "id" : "CVE-2024-38556", "title" : "net/mlx5: Add a timeout to acquire the command queue semaphore", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38556" ], "unique" : false }, { "id" : "CVE-2024-43855", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-43855" ], "unique" : false }, { "id" : "CVE-2024-46826", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-46826" ], "unique" : false }, { "id" : "CVE-2024-26897", "title" : "wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete", "source" : "redhat-csaf", "cvssScore" : 4.1, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26897" ], "unique" : false }, { "id" : "CVE-2024-38586", "title" : "r8169: Fix possible ring buffer corruption on fragmented Tx packets.", "source" : "redhat-csaf", "cvssScore" : 4.1, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38586" ], "unique" : false }, { "id" : "CVE-2022-50846", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2022-50846" ], "unique" : false }, { "id" : "CVE-2023-53639", "title" : "wifi: ath6kl: reduce WARN to dev_dbg() in callback", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-53639" ], "unique" : false }, { "id" : "CVE-2023-54153", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-54153" ], "unique" : false }, { "id" : "CVE-2023-54267", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2023-54267" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-44466", "title" : "An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-44466" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9_2.1.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64&distro=rhel-9.2&upstream=nghttp2-1.43.0-5.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/cpp@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgomp@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64&distro=rhel-9.2&upstream=binutils-2.35.2-37.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-4285", "title" : "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4285" ], "unique" : false }, { "id" : "CVE-2025-11082", "title" : "GNU Binutils Linker elf-eh-frame.c _bfd_elf_parse_eh_frame heap-based overflow", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11082" ], "unique" : false }, { "id" : "CVE-2025-11083", "title" : "GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11083" ], "unique" : false }, { "id" : "CVE-2025-5244", "title" : "GNU Binutils ld elflink.c elf_gc_sweep memory corruption", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5244" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-4285", "title" : "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4285" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/binutils@2.35.2-37.el9?arch=x86_64&distro=rhel-9.2&upstream=binutils-2.35.2-37.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-4285", "title" : "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4285" ], "unique" : false }, { "id" : "CVE-2025-11081", "title" : "GNU Binutils objdump.c dump_dwarf_section out-of-bounds", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11081" ], "unique" : false }, { "id" : "CVE-2025-11082", "title" : "GNU Binutils Linker elf-eh-frame.c _bfd_elf_parse_eh_frame heap-based overflow", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11082" ], "unique" : false }, { "id" : "CVE-2025-11083", "title" : "GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11083" ], "unique" : false }, { "id" : "CVE-2025-11413", "title" : "GNU Binutils Linker elflink.c elf_link_add_object_symbols out-of-bounds", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11413" ], "unique" : false }, { "id" : "CVE-2025-5244", "title" : "GNU Binutils ld elflink.c elf_gc_sweep memory corruption", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5244" ], "unique" : false }, { "id" : "CVE-2025-11412", "title" : "GNU Binutils Linker elflink.c bfd_elf_gc_record_vtentry out-of-bounds", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-11412" ], "unique" : false }, { "id" : "CVE-2025-11414", "title" : "GNU Binutils Linker elflink.c get_link_hash_entry out-of-bounds", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-11414" ], "unique" : false }, { "id" : "CVE-2025-11494", "title" : "GNU Binutils Linker elfxx-x86.c _bfd_x86_elf_late_size_sections out-of-bounds", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-11494" ], "unique" : false }, { "id" : "CVE-2025-11495", "title" : "GNU Binutils Linker elf64-x86-64.c elf_x86_64_relocate_section heap-based overflow", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-11495" ], "unique" : false }, { "id" : "CVE-2025-11839", "title" : "GNU Binutils prdbg.c tg_tag_type return value", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-11839" ], "unique" : false }, { "id" : "CVE-2025-11840", "title" : "GNU Binutils ldmisc.c vfinfo out-of-bounds", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-11840" ], "unique" : false }, { "id" : "CVE-2025-66861", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-66861" ], "unique" : false }, { "id" : "CVE-2025-66862", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-66862" ], "unique" : false }, { "id" : "CVE-2025-66863", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-66863" ], "unique" : false }, { "id" : "CVE-2025-66864", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-66864" ], "unique" : false }, { "id" : "CVE-2025-66865", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-66865" ], "unique" : false }, { "id" : "CVE-2025-66866", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-66866" ], "unique" : false }, { "id" : "CVE-2025-69647", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-69647" ], "unique" : false }, { "id" : "CVE-2025-69648", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-69648" ], "unique" : false }, { "id" : "CVE-2025-69649", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-69649" ], "unique" : false }, { "id" : "CVE-2025-69650", "title" : "GNU Binutils thru 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dump_relocations may return early without initializing the all_relocations array. As a result, process_got_section_contents() may pass an uninitialized r_symbol pointer to free(), leading to a double free and terminating the program with SIGABRT. No evidence of exploitable memory corruption or code execution was observed; the impact is limited to denial of service. NOTE: this is disputed by third parties because the observed behavior occurred only in pre-release code and did not affect any tagged version.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-69650" ], "unique" : false }, { "id" : "CVE-2025-69652", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-69652" ], "unique" : false }, { "id" : "CVE-2025-69645", "source" : "redhat-csaf", "cvssScore" : 2.8, "severity" : "LOW", "cves" : [ "CVE-2025-69645" ], "unique" : false }, { "id" : "CVE-2025-69646", "source" : "redhat-csaf", "cvssScore" : 2.8, "severity" : "LOW", "cves" : [ "CVE-2025-69646" ], "unique" : false }, { "id" : "CVE-2025-69651", "title" : "GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations returns early due to parsing errors, the internal all_relocations array may remain partially uninitialized. Later, process_got_section_contents() may attempt to free an invalid r_symbol pointer, triggering memory corruption checks in glibc and causing the program to terminate with SIGABRT. No evidence of further memory corruption or code execution was observed; the impact is limited to denial of service. NOTE: this is disputed by third parties because the observed behavior occurred only in pre-release code and did not affect any tagged version.", "source" : "redhat-csaf", "cvssScore" : 2.8, "severity" : "LOW", "cves" : [ "CVE-2025-69651" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-4285", "title" : "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4285" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64&distro=rhel-9.2&upstream=librepo-1.14.5-1.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libxml2-2.9.13-3.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false }, { "id" : "CVE-2025-49794", "title" : "Libxml: heap use after free (uaf) leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49794" ], "unique" : false }, { "id" : "CVE-2025-49796", "title" : "Libxml: type confusion leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49796" ], "unique" : false }, { "id" : "CVE-2024-56171", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-56171" ], "unique" : false }, { "id" : "CVE-2025-24928", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24928" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2024-25062", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-25062" ], "unique" : false }, { "id" : "CVE-2025-32415", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-32415" ], "unique" : false }, { "id" : "CVE-2025-49795", "title" : "Libxml: null pointer dereference leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49795" ], "unique" : false }, { "id" : "CVE-2025-6021", "title" : "Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6021" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2023-39615", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39615" ], "unique" : false }, { "id" : "CVE-2026-6732", "title" : "Libxml2: libxml2: denial of service via crafted xsd-validated document", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-6732" ], "unique" : false }, { "id" : "CVE-2025-9714", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9714" ], "unique" : false }, { "id" : "CVE-2026-1757", "title" : "Libxml2: memory leak leading to local denial of service in xmllint interactive shell", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1757" ], "unique" : false }, { "id" : "CVE-2022-49043", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49043" ], "unique" : false }, { "id" : "CVE-2023-28484", "title" : "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28484" ], "unique" : false }, { "id" : "CVE-2023-29469", "title" : "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29469" ], "unique" : false }, { "id" : "CVE-2026-0990", "title" : "Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0990" ], "unique" : false }, { "id" : "CVE-2025-32414", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32414" ], "unique" : false }, { "id" : "CVE-2025-26434", "title" : "In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-26434" ], "unique" : false }, { "id" : "CVE-2026-0989", "title" : "Libxml2: unbounded relaxng include recursion leading to stack overflow", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0989" ], "unique" : false }, { "id" : "CVE-2026-0992", "title" : "Libxml2: libxml2: denial of service via crafted xml catalogs", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-0992" ], "unique" : false }, { "id" : "CVE-2025-6170", "title" : "Libxml2: stack buffer overflow in xmllint interactive shell command handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-6170" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-setuptools-53.0.0-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2026-5713", "title" : "Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5713" ], "unique" : false }, { "id" : "CVE-2025-13837", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13837" ], "unique" : false }, { "id" : "CVE-2026-4224", "title" : "Stack overflow parsing XML with deeply nested DTD content models", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4224" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2026-3644", "title" : "Incomplete control character validation in http.cookies", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3644" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2025-12781", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-12781" ], "unique" : false }, { "id" : "CVE-2026-3446", "title" : "Base64 decoding stops at first padded quad by default", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3446" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2025-15282", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15282" ], "unique" : false }, { "id" : "CVE-2025-11468", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11468" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2026-1502", "title" : "HTTP client proxy tunnel headers not validated for CR/LF", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1502" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2026-2297", "title" : "SourcelessFileLoader does not use io.open_code()", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-2297" ], "unique" : false }, { "id" : "CVE-2026-3479", "title" : "pkgutil.get_data() does not enforce documented restrictions", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-3479" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false }, { "id" : "CVE-2025-13462", "title" : "tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-13462" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64&distro=rhel-9.2&upstream=gnupg2-2.3.3-2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2026-24882", "source" : "redhat-csaf", "cvssScore" : 8.4, "severity" : "HIGH", "cves" : [ "CVE-2026-24882" ], "unique" : false }, { "id" : "CVE-2025-68973", "title" : "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-68973" ], "unique" : false }, { "id" : "CVE-2025-68972", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68972" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-24882", "source" : "redhat-csaf", "cvssScore" : 8.4, "severity" : "HIGH", "cves" : [ "CVE-2026-24882" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9_2.1.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64&distro=rhel-9.2&upstream=glib2-2.68.4-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false }, { "id" : "CVE-2024-52533", "title" : "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\\0' character.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-52533" ], "unique" : false }, { "id" : "CVE-2023-32611", "title" : "G_variant_byteswap() can take a long time with some non-normal inputs", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32611" ], "unique" : false }, { "id" : "CVE-2023-32665", "title" : "Gvariant deserialisation does not match spec for non-normal data", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32665" ], "unique" : false }, { "id" : "CVE-2025-14512", "title" : "Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14512" ], "unique" : false }, { "id" : "CVE-2023-29499", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29499" ], "unique" : false }, { "id" : "CVE-2025-14087", "title" : "Glib: glib: buffer underflow in gvariant parser leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14087" ], "unique" : false }, { "id" : "CVE-2025-4373", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4373" ], "unique" : false }, { "id" : "CVE-2024-34397", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2024-34397" ], "unique" : false }, { "id" : "CVE-2025-7039", "title" : "Glib: buffer under-read on glib through glib/gfileutils.c via get_tmp_file()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2025-7039" ], "unique" : false }, { "id" : "CVE-2026-0988", "title" : "Glib: glib: denial of service via integer overflow in g_buffered_input_stream_peek()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0988" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64&distro=rhel-9.2&upstream=gnutls-3.7.6-20.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false }, { "id" : "CVE-2024-0567", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0567" ], "unique" : false }, { "id" : "CVE-2025-32988", "title" : "Gnutls: vulnerability in gnutls othername san export", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32988" ], "unique" : false }, { "id" : "CVE-2025-32990", "title" : "Gnutls: vulnerability in gnutls certtool template parsing", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32990" ], "unique" : false }, { "id" : "CVE-2025-6395", "title" : "Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6395" ], "unique" : false }, { "id" : "CVE-2023-5981", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5981" ], "unique" : false }, { "id" : "CVE-2024-12243", "title" : "Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12243" ], "unique" : false }, { "id" : "CVE-2024-28834", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28834" ], "unique" : false }, { "id" : "CVE-2025-14831", "title" : "Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14831" ], "unique" : false }, { "id" : "CVE-2025-32989", "title" : "Gnutls: vulnerability in gnutls sct extension parsing", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32989" ], "unique" : false }, { "id" : "CVE-2024-28835", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28835" ], "unique" : false }, { "id" : "CVE-2025-9820", "title" : "Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9820" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libgcrypt-1.10.0-10.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false }, { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false }, { "id" : "CVE-2026-41990", "title" : "Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-41990" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64&distro=rhel-9.2&upstream=nghttp2-1.43.0-5.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap-compat@2.6.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=openldap-2.6.2-3.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=openldap-2.6.2-3.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-pip-21.2.3-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64&distro=rhel-9.2&upstream=libarchive-3.5.3-4.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-5914", "title" : "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-5914" ], "unique" : false }, { "id" : "CVE-2026-4111", "title" : "Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-4111" ], "unique" : false }, { "id" : "CVE-2026-4424", "title" : "Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-4424" ], "unique" : false }, { "id" : "CVE-2026-5121", "title" : "Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-5121" ], "unique" : false }, { "id" : "CVE-2024-57970", "title" : "libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-57970" ], "unique" : false }, { "id" : "CVE-2025-25724", "title" : "list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-25724" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libxml2-2.9.13-3.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false }, { "id" : "CVE-2025-49794", "title" : "Libxml: heap use after free (uaf) leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49794" ], "unique" : false }, { "id" : "CVE-2025-49796", "title" : "Libxml: type confusion leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49796" ], "unique" : false }, { "id" : "CVE-2024-56171", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-56171" ], "unique" : false }, { "id" : "CVE-2025-24928", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24928" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2024-25062", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-25062" ], "unique" : false }, { "id" : "CVE-2025-32415", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-32415" ], "unique" : false }, { "id" : "CVE-2025-49795", "title" : "Libxml: null pointer dereference leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49795" ], "unique" : false }, { "id" : "CVE-2025-6021", "title" : "Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6021" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2023-39615", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39615" ], "unique" : false }, { "id" : "CVE-2026-6732", "title" : "Libxml2: libxml2: denial of service via crafted xsd-validated document", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-6732" ], "unique" : false }, { "id" : "CVE-2025-9714", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9714" ], "unique" : false }, { "id" : "CVE-2026-1757", "title" : "Libxml2: memory leak leading to local denial of service in xmllint interactive shell", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1757" ], "unique" : false }, { "id" : "CVE-2022-49043", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49043" ], "unique" : false }, { "id" : "CVE-2023-28484", "title" : "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28484" ], "unique" : false }, { "id" : "CVE-2023-29469", "title" : "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29469" ], "unique" : false }, { "id" : "CVE-2026-0990", "title" : "Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0990" ], "unique" : false }, { "id" : "CVE-2025-32414", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32414" ], "unique" : false }, { "id" : "CVE-2025-26434", "title" : "In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-26434" ], "unique" : false }, { "id" : "CVE-2026-0989", "title" : "Libxml2: unbounded relaxng include recursion leading to stack overflow", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0989" ], "unique" : false }, { "id" : "CVE-2026-0992", "title" : "Libxml2: libxml2: denial of service via crafted xml catalogs", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-0992" ], "unique" : false }, { "id" : "CVE-2025-6170", "title" : "Libxml2: stack buffer overflow in xmllint interactive shell command handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-6170" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64&distro=rhel-9.2&upstream=libarchive-3.5.3-4.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-5914", "title" : "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-5914" ], "unique" : false }, { "id" : "CVE-2026-4111", "title" : "Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-4111" ], "unique" : false }, { "id" : "CVE-2026-4424", "title" : "Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-4424" ], "unique" : false }, { "id" : "CVE-2026-5121", "title" : "Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-5121" ], "unique" : false }, { "id" : "CVE-2025-60753", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-60753" ], "unique" : false }, { "id" : "CVE-2024-57970", "title" : "libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-57970" ], "unique" : false }, { "id" : "CVE-2025-25724", "title" : "list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-25724" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-5914", "title" : "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-5914" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64&distro=rhel-9.2&upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64&distro=rhel-9.2&upstream=httpd-2.4.53-11.el9_2.5.src.rpm", "issues" : [ { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false }, { "id" : "CVE-2024-38475", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38475" ], "unique" : false }, { "id" : "CVE-2024-38476", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38476" ], "unique" : false }, { "id" : "CVE-2023-27522", "title" : "Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-27522" ], "unique" : false }, { "id" : "CVE-2023-31122", "title" : "Apache HTTP Server: mod_macro buffer over-read", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-31122" ], "unique" : false }, { "id" : "CVE-2024-38477", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-38477" ], "unique" : false }, { "id" : "CVE-2024-47252", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-47252" ], "unique" : false }, { "id" : "CVE-2025-23048", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23048" ], "unique" : false }, { "id" : "CVE-2025-49812", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49812" ], "unique" : false }, { "id" : "CVE-2024-39573", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-39573" ], "unique" : false }, { "id" : "CVE-2025-58098", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-58098" ], "unique" : false }, { "id" : "CVE-2023-38709", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38709" ], "unique" : false }, { "id" : "CVE-2025-65082", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-65082" ], "unique" : false }, { "id" : "CVE-2025-66200", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66200" ], "unique" : false }, { "id" : "CVE-2024-38473", "title" : "Apache HTTP Server proxy encoding problem", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38473" ], "unique" : false }, { "id" : "CVE-2024-24795", "title" : "Apache HTTP Server: HTTP Response Splitting in multiple modules", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24795" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64&distro=rhel-9.2&upstream=httpd-2.4.53-11.el9_2.5.src.rpm", "issues" : [ { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false }, { "id" : "CVE-2024-38475", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38475" ], "unique" : false }, { "id" : "CVE-2024-38476", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38476" ], "unique" : false }, { "id" : "CVE-2023-27522", "title" : "Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-27522" ], "unique" : false }, { "id" : "CVE-2023-31122", "title" : "Apache HTTP Server: mod_macro buffer over-read", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-31122" ], "unique" : false }, { "id" : "CVE-2024-38477", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-38477" ], "unique" : false }, { "id" : "CVE-2024-47252", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-47252" ], "unique" : false }, { "id" : "CVE-2025-23048", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23048" ], "unique" : false }, { "id" : "CVE-2025-49812", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49812" ], "unique" : false }, { "id" : "CVE-2024-39573", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-39573" ], "unique" : false }, { "id" : "CVE-2025-58098", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-58098" ], "unique" : false }, { "id" : "CVE-2023-38709", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38709" ], "unique" : false }, { "id" : "CVE-2025-65082", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-65082" ], "unique" : false }, { "id" : "CVE-2025-66200", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66200" ], "unique" : false }, { "id" : "CVE-2024-38473", "title" : "Apache HTTP Server proxy encoding problem", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38473" ], "unique" : false }, { "id" : "CVE-2024-24795", "title" : "Apache HTTP Server: HTTP Response Splitting in multiple modules", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24795" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch&distro=rhel-9.2&upstream=httpd-2.4.53-11.el9_2.5.src.rpm", "issues" : [ { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false }, { "id" : "CVE-2024-38475", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38475" ], "unique" : false }, { "id" : "CVE-2024-38476", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38476" ], "unique" : false }, { "id" : "CVE-2023-27522", "title" : "Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-27522" ], "unique" : false }, { "id" : "CVE-2023-31122", "title" : "Apache HTTP Server: mod_macro buffer over-read", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-31122" ], "unique" : false }, { "id" : "CVE-2024-38477", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-38477" ], "unique" : false }, { "id" : "CVE-2024-47252", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-47252" ], "unique" : false }, { "id" : "CVE-2025-23048", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23048" ], "unique" : false }, { "id" : "CVE-2025-49812", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49812" ], "unique" : false }, { "id" : "CVE-2025-59775", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-59775" ], "unique" : false }, { "id" : "CVE-2024-39573", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-39573" ], "unique" : false }, { "id" : "CVE-2025-58098", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-58098" ], "unique" : false }, { "id" : "CVE-2023-38709", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38709" ], "unique" : false }, { "id" : "CVE-2025-65082", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-65082" ], "unique" : false }, { "id" : "CVE-2025-66200", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66200" ], "unique" : false }, { "id" : "CVE-2024-38473", "title" : "Apache HTTP Server proxy encoding problem", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38473" ], "unique" : false }, { "id" : "CVE-2024-24795", "title" : "Apache HTTP Server: HTTP Response Splitting in multiple modules", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24795" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/apr@1.7.0-11.el9?arch=x86_64&distro=rhel-9.2&upstream=apr-1.7.0-11.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-24963", "title" : "Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-24963" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-24963", "title" : "Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-24963" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64&distro=rhel-9.2&epoch=2&upstream=shadow-utils-4.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false }, { "id" : "CVE-2024-56433", "title" : "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "source" : "redhat-csaf", "cvssScore" : 3.6, "severity" : "LOW", "cves" : [ "CVE-2024-56433" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=nodejs-16.19.1-1.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-39332", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2023-39332" ], "unique" : false }, { "id" : "CVE-2023-32006", "title" : "The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.\n\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x.\n\nPlease note that at the time this CVE was issued, the policy is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-32006" ], "unique" : false }, { "id" : "CVE-2022-4904", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2022-4904" ], "unique" : false }, { "id" : "CVE-2023-32002", "title" : "The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.\n\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x.\n\nPlease note that at the time this CVE was issued, the policy is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-32002" ], "unique" : false }, { "id" : "CVE-2024-21892", "title" : "On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE.\nDue to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when certain other capabilities have been set.\nThis allows unprivileged users to inject code that inherits the process's elevated privileges.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-21892" ], "unique" : false }, { "id" : "CVE-2024-21896", "title" : "The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a Buffer, the implementation uses Buffer.from() to obtain a Buffer from the result of path.resolve(). By monkey-patching Buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability.\nThis vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 7.9, "severity" : "HIGH", "cves" : [ "CVE-2024-21896" ], "unique" : false }, { "id" : "CVE-2025-23083", "title" : "With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. \r\n\r\nThis vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-23083" ], "unique" : false }, { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2021-35065", "title" : "The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-35065" ], "unique" : false }, { "id" : "CVE-2022-25881", "title" : "This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-25881" ], "unique" : false }, { "id" : "CVE-2022-25883", "title" : "Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.\r\r\r", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-25883" ], "unique" : false }, { "id" : "CVE-2023-23918", "title" : "A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-23918" ], "unique" : false }, { "id" : "CVE-2023-23919", "title" : "A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-23919" ], "unique" : false }, { "id" : "CVE-2023-24807", "title" : "Undici vulnerable to Regular Expression Denial of Service in Headers", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24807" ], "unique" : false }, { "id" : "CVE-2023-30581", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-30581" ], "unique" : false }, { "id" : "CVE-2023-30590", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-30590" ], "unique" : false }, { "id" : "CVE-2023-32067", "title" : "0-byte UDP payload DoS in c-ares", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-32067" ], "unique" : false }, { "id" : "CVE-2023-32559", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-32559" ], "unique" : false }, { "id" : "CVE-2023-38552", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-38552" ], "unique" : false }, { "id" : "CVE-2023-39331", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-39331" ], "unique" : false }, { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2024-22019", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-22019" ], "unique" : false }, { "id" : "CVE-2024-27983", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-27983" ], "unique" : false }, { "id" : "CVE-2025-23166", "title" : "The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23166" ], "unique" : false }, { "id" : "CVE-2025-59465", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-59465" ], "unique" : false }, { "id" : "CVE-2026-1526", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1526" ], "unique" : false }, { "id" : "CVE-2026-1528", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1528" ], "unique" : false }, { "id" : "CVE-2026-21710", "title" : "A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`.\r\n\r\nWhen this occurs, `dest[\"__proto__\"]` resolves to `Object.prototype` rather than `undefined`, causing `.push()` to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by `error` event listeners, meaning it cannot be handled without wrapping every `req.headersDistinct` access in a `try/catch`.\r\n\r\n* This vulnerability affects all Node.js HTTP servers on **20.x, 22.x, 24.x, and v25.x**", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-21710" ], "unique" : false }, { "id" : "CVE-2026-2229", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-2229" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2024-22017", "title" : "setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid().\nThis allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().\nThis vulnerability affects all users using version greater or equal than Node.js 18.18.0, Node.js 20.4.0 and Node.js 21.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-22017" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false }, { "id" : "CVE-2026-1525", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2026-1525" ], "unique" : false }, { "id" : "CVE-2025-55130", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-55130" ], "unique" : false }, { "id" : "CVE-2025-55131", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-55131" ], "unique" : false }, { "id" : "CVE-2023-30589", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-30589" ], "unique" : false }, { "id" : "CVE-2025-31498", "title" : "c-ares has a use-after-free in read_answers()", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-31498" ], "unique" : false }, { "id" : "CVE-2025-22150", "title" : "Undici Uses Insufficiently Random Values", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-22150" ], "unique" : false }, { "id" : "CVE-2024-21891", "title" : "Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack.\nThis vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-21891" ], "unique" : false }, { "id" : "CVE-2023-23936", "title" : "CRLF Injection in Nodejs ‘undici’ via host", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-23936" ], "unique" : false }, { "id" : "CVE-2024-22020", "title" : "A security flaw in Node.js allows a bypass of network import restrictions.\nBy embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security.\nVerified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports.\nExploiting this flaw can violate network import security, posing a risk to developers and servers.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-22020" ], "unique" : false }, { "id" : "CVE-2024-22025", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-22025" ], "unique" : false }, { "id" : "CVE-2024-28863", "title" : "node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28863" ], "unique" : false }, { "id" : "CVE-2025-23167", "title" : "A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\\r\\n\\rX` instead of the required `\\r\\n\\r\\n`.\nThis inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests.\n\nThe issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination.\n\nImpact:\n* This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-23167" ], "unique" : false }, { "id" : "CVE-2026-1527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1527" ], "unique" : false }, { "id" : "CVE-2026-21712", "title" : "A flaw in Node.js URL processing causes an assertion failure in native code when `url.format()` is called with a malformed internationalized domain name (IDN) containing invalid characters, crashing the Node.js process.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21712" ], "unique" : false }, { "id" : "CVE-2026-25547", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-25547" ], "unique" : false }, { "id" : "CVE-2026-26996", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-26996" ], "unique" : false }, { "id" : "CVE-2026-27904", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27904" ], "unique" : false }, { "id" : "CVE-2024-27982", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2024-27982" ], "unique" : false }, { "id" : "CVE-2023-31147", "title" : "Insufficient randomness in generation of DNS query IDs in c-ares", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-31147" ], "unique" : false }, { "id" : "CVE-2023-46809", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46809" ], "unique" : false }, { "id" : "CVE-2025-59466", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59466" ], "unique" : false }, { "id" : "CVE-2026-21637", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21637" ], "unique" : false }, { "id" : "CVE-2026-21713", "title" : "A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior could be exploited as a timing oracle to infer HMAC values.\r\n\r\nNode.js already provides timing-safe comparison primitives used elsewhere in the codebase, indicating this is an oversight rather than an intentional design decision.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21713" ], "unique" : false }, { "id" : "CVE-2026-21717", "title" : "A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the Node.js process.\r\n\r\nThe most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21717" ], "unique" : false }, { "id" : "CVE-2026-2581", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2581" ], "unique" : false }, { "id" : "CVE-2023-31130", "title" : "Buffer Underwrite in ares_inet_net_pton()", "source" : "redhat-csaf", "cvssScore" : 5.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-31130" ], "unique" : false }, { "id" : "CVE-2023-30588", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-30588" ], "unique" : false }, { "id" : "CVE-2023-39333", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39333" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false }, { "id" : "CVE-2025-23085", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-23085" ], "unique" : false }, { "id" : "CVE-2025-55132", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-55132" ], "unique" : false }, { "id" : "CVE-2026-21714", "title" : "A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOW_UPDATE frames on stream 0 (connection-level) that cause the flow control window to exceed the maximum value of 2³¹-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up.\r\n\r\nThis vulnerability affects HTTP2 users on Node.js 20, 22, 24 and 25.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21714" ], "unique" : false }, { "id" : "CVE-2026-21711", "title" : "A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all comparable network paths correctly enforce them.\r\n\r\nAs a result, code running under `--permission` without `--allow-net` can create and expose local IPC endpoints, allowing communication with other processes on the same host outside of the intended network restriction boundary.\r\n\r\nThis vulnerability affects Node.js **25.x** processes using the Permission Model where `--allow-net` is intentionally omitted to restrict network access. Note that `--allow-net` is currently an experimental feature.", "source" : "redhat-csaf", "cvssScore" : 5.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21711" ], "unique" : false }, { "id" : "CVE-2024-21890", "title" : "The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example:\n```\n --allow-fs-read=/home/node/.ssh/*.pub\n```\n\nwill ignore `pub` and give access to everything after `.ssh/`.\n\nThis misleading documentation affects all users using the experimental permission model in Node.js 20 and Node.js 21.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-21890" ], "unique" : false }, { "id" : "CVE-2024-25629", "title" : "c-ares out of bounds read in ares__read_line()", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-25629" ], "unique" : false }, { "id" : "CVE-2023-23920", "title" : "An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-23920" ], "unique" : false }, { "id" : "CVE-2023-45143", "title" : "Undici's cookie header not cleared on cross-origin redirect in fetch", "source" : "redhat-csaf", "cvssScore" : 3.9, "severity" : "LOW", "cves" : [ "CVE-2023-45143" ], "unique" : false }, { "id" : "CVE-2024-36137", "title" : "A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used.\r\n\r\nNode.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a \"read-only\" file descriptor to change the owner and permissions of a file.", "source" : "redhat-csaf", "cvssScore" : 3.9, "severity" : "LOW", "cves" : [ "CVE-2024-36137" ], "unique" : false }, { "id" : "CVE-2026-21716", "title" : "An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the promises API without the required permission checks, while their callback-based equivalents (`fs.fchmod()`, `fs.fchown()`) were correctly patched.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-write` can still use promise-based `FileHandle` methods to modify file permissions and ownership on already-open file descriptors, bypassing the intended write restrictions.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-write` is intentionally restricted.", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2026-21716" ], "unique" : false }, { "id" : "CVE-2023-31124", "title" : "AutoTools does not set CARES_RANDOM_FILE during cross compilation", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-31124" ], "unique" : false }, { "id" : "CVE-2025-23165", "title" : "In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service.\r\n\r\nImpact:\r\n* This vulnerability affects APIs relying on `ReadFileUtf8` on Node.js release lines: v20 and v22.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2025-23165" ], "unique" : false }, { "id" : "CVE-2026-21715", "title" : "A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()` without the required read permission checks, while all comparable filesystem functions correctly enforce them.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-read` can still use `fs.realpathSync.native()` to check file existence, resolve symlink targets, and enumerate filesystem paths outside of permitted directories.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-read` is intentionally restricted.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-21715" ], "unique" : false }, { "id" : "CVE-2024-22018", "title" : "A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used.\nThis flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to.\nThis vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2024-22018" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/nodejs@16.19.1-1.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=nodejs-16.19.1-1.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-39332", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2023-39332" ], "unique" : false }, { "id" : "CVE-2023-32006", "title" : "The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.\n\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x.\n\nPlease note that at the time this CVE was issued, the policy is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-32006" ], "unique" : false }, { "id" : "CVE-2022-4904", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2022-4904" ], "unique" : false }, { "id" : "CVE-2022-35255", "title" : "A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2022-35255" ], "unique" : false }, { "id" : "CVE-2023-32002", "title" : "The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.\n\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x.\n\nPlease note that at the time this CVE was issued, the policy is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-32002" ], "unique" : false }, { "id" : "CVE-2024-21892", "title" : "On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE.\nDue to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when certain other capabilities have been set.\nThis allows unprivileged users to inject code that inherits the process's elevated privileges.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-21892" ], "unique" : false }, { "id" : "CVE-2024-21896", "title" : "The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a Buffer, the implementation uses Buffer.from() to obtain a Buffer from the result of path.resolve(). By monkey-patching Buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability.\nThis vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 7.9, "severity" : "HIGH", "cves" : [ "CVE-2024-21896" ], "unique" : false }, { "id" : "CVE-2025-23083", "title" : "With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. \r\n\r\nThis vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-23083" ], "unique" : false }, { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2021-35065", "title" : "The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-35065" ], "unique" : false }, { "id" : "CVE-2022-25881", "title" : "This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-25881" ], "unique" : false }, { "id" : "CVE-2022-25883", "title" : "Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.\r\r\r", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-25883" ], "unique" : false }, { "id" : "CVE-2022-3517", "title" : "A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3517" ], "unique" : false }, { "id" : "CVE-2022-43548", "title" : "A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-43548" ], "unique" : false }, { "id" : "CVE-2023-23918", "title" : "A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-23918" ], "unique" : false }, { "id" : "CVE-2023-23919", "title" : "A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-23919" ], "unique" : false }, { "id" : "CVE-2023-24807", "title" : "Undici vulnerable to Regular Expression Denial of Service in Headers", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24807" ], "unique" : false }, { "id" : "CVE-2023-30581", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-30581" ], "unique" : false }, { "id" : "CVE-2023-30590", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-30590" ], "unique" : false }, { "id" : "CVE-2023-32067", "title" : "0-byte UDP payload DoS in c-ares", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-32067" ], "unique" : false }, { "id" : "CVE-2023-32559", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-32559" ], "unique" : false }, { "id" : "CVE-2023-38552", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-38552" ], "unique" : false }, { "id" : "CVE-2023-39331", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-39331" ], "unique" : false }, { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2024-22019", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-22019" ], "unique" : false }, { "id" : "CVE-2024-27983", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-27983" ], "unique" : false }, { "id" : "CVE-2025-23166", "title" : "The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23166" ], "unique" : false }, { "id" : "CVE-2025-59465", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-59465" ], "unique" : false }, { "id" : "CVE-2026-1526", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1526" ], "unique" : false }, { "id" : "CVE-2026-1528", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1528" ], "unique" : false }, { "id" : "CVE-2026-21710", "title" : "A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`.\r\n\r\nWhen this occurs, `dest[\"__proto__\"]` resolves to `Object.prototype` rather than `undefined`, causing `.push()` to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by `error` event listeners, meaning it cannot be handled without wrapping every `req.headersDistinct` access in a `try/catch`.\r\n\r\n* This vulnerability affects all Node.js HTTP servers on **20.x, 22.x, 24.x, and v25.x**", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-21710" ], "unique" : false }, { "id" : "CVE-2026-2229", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-2229" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2024-22017", "title" : "setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid().\nThis allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().\nThis vulnerability affects all users using version greater or equal than Node.js 18.18.0, Node.js 20.4.0 and Node.js 21.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-22017" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false }, { "id" : "CVE-2026-1525", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2026-1525" ], "unique" : false }, { "id" : "CVE-2025-55130", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-55130" ], "unique" : false }, { "id" : "CVE-2025-55131", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-55131" ], "unique" : false }, { "id" : "CVE-2023-30589", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-30589" ], "unique" : false }, { "id" : "CVE-2025-31498", "title" : "c-ares has a use-after-free in read_answers()", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-31498" ], "unique" : false }, { "id" : "CVE-2025-22150", "title" : "Undici Uses Insufficiently Random Values", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-22150" ], "unique" : false }, { "id" : "CVE-2024-21891", "title" : "Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack.\nThis vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-21891" ], "unique" : false }, { "id" : "CVE-2022-35256", "title" : "The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-35256" ], "unique" : false }, { "id" : "CVE-2023-23936", "title" : "CRLF Injection in Nodejs ‘undici’ via host", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-23936" ], "unique" : false }, { "id" : "CVE-2024-22020", "title" : "A security flaw in Node.js allows a bypass of network import restrictions.\nBy embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security.\nVerified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports.\nExploiting this flaw can violate network import security, posing a risk to developers and servers.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-22020" ], "unique" : false }, { "id" : "CVE-2024-22025", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-22025" ], "unique" : false }, { "id" : "CVE-2024-28863", "title" : "node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28863" ], "unique" : false }, { "id" : "CVE-2025-23167", "title" : "A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\\r\\n\\rX` instead of the required `\\r\\n\\r\\n`.\nThis inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests.\n\nThe issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination.\n\nImpact:\n* This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-23167" ], "unique" : false }, { "id" : "CVE-2026-1527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1527" ], "unique" : false }, { "id" : "CVE-2026-21712", "title" : "A flaw in Node.js URL processing causes an assertion failure in native code when `url.format()` is called with a malformed internationalized domain name (IDN) containing invalid characters, crashing the Node.js process.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21712" ], "unique" : false }, { "id" : "CVE-2026-25547", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-25547" ], "unique" : false }, { "id" : "CVE-2026-26996", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-26996" ], "unique" : false }, { "id" : "CVE-2026-27904", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27904" ], "unique" : false }, { "id" : "CVE-2024-27982", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2024-27982" ], "unique" : false }, { "id" : "CVE-2023-31147", "title" : "Insufficient randomness in generation of DNS query IDs in c-ares", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-31147" ], "unique" : false }, { "id" : "CVE-2023-46809", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46809" ], "unique" : false }, { "id" : "CVE-2025-59466", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59466" ], "unique" : false }, { "id" : "CVE-2026-21637", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21637" ], "unique" : false }, { "id" : "CVE-2026-21713", "title" : "A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior could be exploited as a timing oracle to infer HMAC values.\r\n\r\nNode.js already provides timing-safe comparison primitives used elsewhere in the codebase, indicating this is an oversight rather than an intentional design decision.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21713" ], "unique" : false }, { "id" : "CVE-2026-21717", "title" : "A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the Node.js process.\r\n\r\nThe most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21717" ], "unique" : false }, { "id" : "CVE-2026-2581", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2581" ], "unique" : false }, { "id" : "CVE-2023-31130", "title" : "Buffer Underwrite in ares_inet_net_pton()", "source" : "redhat-csaf", "cvssScore" : 5.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-31130" ], "unique" : false }, { "id" : "CVE-2023-30588", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-30588" ], "unique" : false }, { "id" : "CVE-2023-39333", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39333" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false }, { "id" : "CVE-2025-23085", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-23085" ], "unique" : false }, { "id" : "CVE-2026-21714", "title" : "A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOW_UPDATE frames on stream 0 (connection-level) that cause the flow control window to exceed the maximum value of 2³¹-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up.\r\n\r\nThis vulnerability affects HTTP2 users on Node.js 20, 22, 24 and 25.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21714" ], "unique" : false }, { "id" : "CVE-2026-21711", "title" : "A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all comparable network paths correctly enforce them.\r\n\r\nAs a result, code running under `--permission` without `--allow-net` can create and expose local IPC endpoints, allowing communication with other processes on the same host outside of the intended network restriction boundary.\r\n\r\nThis vulnerability affects Node.js **25.x** processes using the Permission Model where `--allow-net` is intentionally omitted to restrict network access. Note that `--allow-net` is currently an experimental feature.", "source" : "redhat-csaf", "cvssScore" : 5.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21711" ], "unique" : false }, { "id" : "CVE-2024-21890", "title" : "The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example:\n```\n --allow-fs-read=/home/node/.ssh/*.pub\n```\n\nwill ignore `pub` and give access to everything after `.ssh/`.\n\nThis misleading documentation affects all users using the experimental permission model in Node.js 20 and Node.js 21.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-21890" ], "unique" : false }, { "id" : "CVE-2024-25629", "title" : "c-ares out of bounds read in ares__read_line()", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-25629" ], "unique" : false }, { "id" : "CVE-2023-23920", "title" : "An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-23920" ], "unique" : false }, { "id" : "CVE-2023-45143", "title" : "Undici's cookie header not cleared on cross-origin redirect in fetch", "source" : "redhat-csaf", "cvssScore" : 3.9, "severity" : "LOW", "cves" : [ "CVE-2023-45143" ], "unique" : false }, { "id" : "CVE-2024-36137", "title" : "A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used.\r\n\r\nNode.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a \"read-only\" file descriptor to change the owner and permissions of a file.", "source" : "redhat-csaf", "cvssScore" : 3.9, "severity" : "LOW", "cves" : [ "CVE-2024-36137" ], "unique" : false }, { "id" : "CVE-2026-21716", "title" : "An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the promises API without the required permission checks, while their callback-based equivalents (`fs.fchmod()`, `fs.fchown()`) were correctly patched.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-write` can still use promise-based `FileHandle` methods to modify file permissions and ownership on already-open file descriptors, bypassing the intended write restrictions.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-write` is intentionally restricted.", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2026-21716" ], "unique" : false }, { "id" : "CVE-2023-31124", "title" : "AutoTools does not set CARES_RANDOM_FILE during cross compilation", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-31124" ], "unique" : false }, { "id" : "CVE-2025-23165", "title" : "In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service.\r\n\r\nImpact:\r\n* This vulnerability affects APIs relying on `ReadFileUtf8` on Node.js release lines: v20 and v22.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2025-23165" ], "unique" : false }, { "id" : "CVE-2026-21715", "title" : "A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()` without the required read permission checks, while all comparable filesystem functions correctly enforce them.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-read` can still use `fs.realpathSync.native()` to check file existence, resolve symlink targets, and enumerate filesystem paths outside of permitted directories.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-read` is intentionally restricted.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-21715" ], "unique" : false }, { "id" : "CVE-2024-22018", "title" : "A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used.\nThis flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to.\nThis vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2024-22018" ], "unique" : false }, { "id" : "CVE-2025-55132", "source" : "redhat-csaf", "cvssScore" : 2.8, "severity" : "LOW", "cves" : [ "CVE-2025-55132" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-39332", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2023-39332" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2026-28390", "title" : "Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-28390" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2025-9231", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9231" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2026-28388", "title" : "NULL Pointer Dereference When Processing a Delta CRL", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28388" ], "unique" : false }, { "id" : "CVE-2026-28389", "title" : "Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28389" ], "unique" : false }, { "id" : "CVE-2026-31790", "title" : "Incorrect Failure Handling in RSA KEM RSASVE Encapsulation", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-31790" ], "unique" : false }, { "id" : "CVE-2026-31789", "title" : "Heap Buffer Overflow in Hexadecimal Conversion", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2026-31789" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2026-28386", "title" : "Out-of-bounds Read in AES-CFB-128 on X86-64 with AVX-512 Support", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28386" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false }, { "id" : "CVE-2026-28387", "title" : "Potential Use-after-free in DANE Client Code", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-28387" ], "unique" : false }, { "id" : "CVE-2025-9232", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2025-9232" ], "unique" : false }, { "id" : "CVE-2026-2673", "title" : "OpenSSL TLS 1.3 server may choose unexpected key agreement group", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2026-2673" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/nodejs-libs@16.19.1-1.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=nodejs-16.19.1-1.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-32006", "title" : "The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.\n\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x.\n\nPlease note that at the time this CVE was issued, the policy is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-32006" ], "unique" : false }, { "id" : "CVE-2022-4904", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2022-4904" ], "unique" : false }, { "id" : "CVE-2023-32002", "title" : "The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.\n\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x.\n\nPlease note that at the time this CVE was issued, the policy is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-32002" ], "unique" : false }, { "id" : "CVE-2025-23083", "title" : "With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. \r\n\r\nThis vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-23083" ], "unique" : false }, { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2022-25881", "title" : "This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-25881" ], "unique" : false }, { "id" : "CVE-2023-24807", "title" : "Undici vulnerable to Regular Expression Denial of Service in Headers", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24807" ], "unique" : false }, { "id" : "CVE-2023-30581", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-30581" ], "unique" : false }, { "id" : "CVE-2023-30590", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-30590" ], "unique" : false }, { "id" : "CVE-2023-32067", "title" : "0-byte UDP payload DoS in c-ares", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-32067" ], "unique" : false }, { "id" : "CVE-2023-32559", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-32559" ], "unique" : false }, { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2024-22019", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-22019" ], "unique" : false }, { "id" : "CVE-2024-27983", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-27983" ], "unique" : false }, { "id" : "CVE-2025-23166", "title" : "The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23166" ], "unique" : false }, { "id" : "CVE-2025-59465", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-59465" ], "unique" : false }, { "id" : "CVE-2026-1526", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1526" ], "unique" : false }, { "id" : "CVE-2026-1528", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1528" ], "unique" : false }, { "id" : "CVE-2026-21710", "title" : "A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`.\r\n\r\nWhen this occurs, `dest[\"__proto__\"]` resolves to `Object.prototype` rather than `undefined`, causing `.push()` to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by `error` event listeners, meaning it cannot be handled without wrapping every `req.headersDistinct` access in a `try/catch`.\r\n\r\n* This vulnerability affects all Node.js HTTP servers on **20.x, 22.x, 24.x, and v25.x**", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-21710" ], "unique" : false }, { "id" : "CVE-2026-2229", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-2229" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false }, { "id" : "CVE-2026-1525", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2026-1525" ], "unique" : false }, { "id" : "CVE-2025-55130", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-55130" ], "unique" : false }, { "id" : "CVE-2025-55131", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-55131" ], "unique" : false }, { "id" : "CVE-2023-30589", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-30589" ], "unique" : false }, { "id" : "CVE-2025-31498", "title" : "c-ares has a use-after-free in read_answers()", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-31498" ], "unique" : false }, { "id" : "CVE-2025-22150", "title" : "Undici Uses Insufficiently Random Values", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-22150" ], "unique" : false }, { "id" : "CVE-2023-23936", "title" : "CRLF Injection in Nodejs ‘undici’ via host", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-23936" ], "unique" : false }, { "id" : "CVE-2024-22025", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-22025" ], "unique" : false }, { "id" : "CVE-2026-1527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1527" ], "unique" : false }, { "id" : "CVE-2026-21712", "title" : "A flaw in Node.js URL processing causes an assertion failure in native code when `url.format()` is called with a malformed internationalized domain name (IDN) containing invalid characters, crashing the Node.js process.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21712" ], "unique" : false }, { "id" : "CVE-2026-25547", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-25547" ], "unique" : false }, { "id" : "CVE-2026-26996", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-26996" ], "unique" : false }, { "id" : "CVE-2026-27904", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27904" ], "unique" : false }, { "id" : "CVE-2024-27982", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2024-27982" ], "unique" : false }, { "id" : "CVE-2023-31147", "title" : "Insufficient randomness in generation of DNS query IDs in c-ares", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-31147" ], "unique" : false }, { "id" : "CVE-2025-59466", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59466" ], "unique" : false }, { "id" : "CVE-2026-21637", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21637" ], "unique" : false }, { "id" : "CVE-2026-21713", "title" : "A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior could be exploited as a timing oracle to infer HMAC values.\r\n\r\nNode.js already provides timing-safe comparison primitives used elsewhere in the codebase, indicating this is an oversight rather than an intentional design decision.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21713" ], "unique" : false }, { "id" : "CVE-2026-21717", "title" : "A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the Node.js process.\r\n\r\nThe most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21717" ], "unique" : false }, { "id" : "CVE-2026-2581", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2581" ], "unique" : false }, { "id" : "CVE-2023-31130", "title" : "Buffer Underwrite in ares_inet_net_pton()", "source" : "redhat-csaf", "cvssScore" : 5.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-31130" ], "unique" : false }, { "id" : "CVE-2023-30588", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-30588" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false }, { "id" : "CVE-2025-23085", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-23085" ], "unique" : false }, { "id" : "CVE-2026-21714", "title" : "A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOW_UPDATE frames on stream 0 (connection-level) that cause the flow control window to exceed the maximum value of 2³¹-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up.\r\n\r\nThis vulnerability affects HTTP2 users on Node.js 20, 22, 24 and 25.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21714" ], "unique" : false }, { "id" : "CVE-2026-21711", "title" : "A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all comparable network paths correctly enforce them.\r\n\r\nAs a result, code running under `--permission` without `--allow-net` can create and expose local IPC endpoints, allowing communication with other processes on the same host outside of the intended network restriction boundary.\r\n\r\nThis vulnerability affects Node.js **25.x** processes using the Permission Model where `--allow-net` is intentionally omitted to restrict network access. Note that `--allow-net` is currently an experimental feature.", "source" : "redhat-csaf", "cvssScore" : 5.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21711" ], "unique" : false }, { "id" : "CVE-2024-25629", "title" : "c-ares out of bounds read in ares__read_line()", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-25629" ], "unique" : false }, { "id" : "CVE-2023-23920", "title" : "An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-23920" ], "unique" : false }, { "id" : "CVE-2026-21716", "title" : "An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the promises API without the required permission checks, while their callback-based equivalents (`fs.fchmod()`, `fs.fchown()`) were correctly patched.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-write` can still use promise-based `FileHandle` methods to modify file permissions and ownership on already-open file descriptors, bypassing the intended write restrictions.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-write` is intentionally restricted.", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2026-21716" ], "unique" : false }, { "id" : "CVE-2023-31124", "title" : "AutoTools does not set CARES_RANDOM_FILE during cross compilation", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-31124" ], "unique" : false }, { "id" : "CVE-2025-23165", "title" : "In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service.\r\n\r\nImpact:\r\n* This vulnerability affects APIs relying on `ReadFileUtf8` on Node.js release lines: v20 and v22.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2025-23165" ], "unique" : false }, { "id" : "CVE-2026-21715", "title" : "A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()` without the required read permission checks, while all comparable filesystem functions correctly enforce them.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-read` can still use `fs.realpathSync.native()` to check file existence, resolve symlink targets, and enumerate filesystem paths outside of permitted directories.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-read` is intentionally restricted.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-21715" ], "unique" : false }, { "id" : "CVE-2025-55132", "source" : "redhat-csaf", "cvssScore" : 2.8, "severity" : "LOW", "cves" : [ "CVE-2025-55132" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-32006", "title" : "The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.\n\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x.\n\nPlease note that at the time this CVE was issued, the policy is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-32006" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libbrotli@1.0.9-6.el9?arch=x86_64&distro=rhel-9.2&upstream=brotli-1.0.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2023-39332", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2023-39332" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=nodejs-16.19.1-1.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-39332", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2023-39332" ], "unique" : false }, { "id" : "CVE-2023-32006", "title" : "The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.\n\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x.\n\nPlease note that at the time this CVE was issued, the policy is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-32006" ], "unique" : false }, { "id" : "CVE-2022-4904", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2022-4904" ], "unique" : false }, { "id" : "CVE-2022-35255", "title" : "A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2022-35255" ], "unique" : false }, { "id" : "CVE-2023-32002", "title" : "The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.\n\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x.\n\nPlease note that at the time this CVE was issued, the policy is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-32002" ], "unique" : false }, { "id" : "CVE-2024-21892", "title" : "On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE.\nDue to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when certain other capabilities have been set.\nThis allows unprivileged users to inject code that inherits the process's elevated privileges.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-21892" ], "unique" : false }, { "id" : "CVE-2024-21896", "title" : "The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a Buffer, the implementation uses Buffer.from() to obtain a Buffer from the result of path.resolve(). By monkey-patching Buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability.\nThis vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 7.9, "severity" : "HIGH", "cves" : [ "CVE-2024-21896" ], "unique" : false }, { "id" : "CVE-2025-23083", "title" : "With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. \r\n\r\nThis vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-23083" ], "unique" : false }, { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2021-35065", "title" : "The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-35065" ], "unique" : false }, { "id" : "CVE-2022-25881", "title" : "This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-25881" ], "unique" : false }, { "id" : "CVE-2022-25883", "title" : "Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.\r\r\r", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-25883" ], "unique" : false }, { "id" : "CVE-2022-3517", "title" : "A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3517" ], "unique" : false }, { "id" : "CVE-2022-43548", "title" : "A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-43548" ], "unique" : false }, { "id" : "CVE-2023-23918", "title" : "A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-23918" ], "unique" : false }, { "id" : "CVE-2023-23919", "title" : "A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-23919" ], "unique" : false }, { "id" : "CVE-2023-24807", "title" : "Undici vulnerable to Regular Expression Denial of Service in Headers", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24807" ], "unique" : false }, { "id" : "CVE-2023-30581", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-30581" ], "unique" : false }, { "id" : "CVE-2023-30590", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-30590" ], "unique" : false }, { "id" : "CVE-2023-32067", "title" : "0-byte UDP payload DoS in c-ares", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-32067" ], "unique" : false }, { "id" : "CVE-2023-32559", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-32559" ], "unique" : false }, { "id" : "CVE-2023-38552", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-38552" ], "unique" : false }, { "id" : "CVE-2023-39331", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-39331" ], "unique" : false }, { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2024-22019", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-22019" ], "unique" : false }, { "id" : "CVE-2024-27983", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-27983" ], "unique" : false }, { "id" : "CVE-2025-23166", "title" : "The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23166" ], "unique" : false }, { "id" : "CVE-2025-59465", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-59465" ], "unique" : false }, { "id" : "CVE-2026-1526", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1526" ], "unique" : false }, { "id" : "CVE-2026-1528", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1528" ], "unique" : false }, { "id" : "CVE-2026-21710", "title" : "A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`.\r\n\r\nWhen this occurs, `dest[\"__proto__\"]` resolves to `Object.prototype` rather than `undefined`, causing `.push()` to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by `error` event listeners, meaning it cannot be handled without wrapping every `req.headersDistinct` access in a `try/catch`.\r\n\r\n* This vulnerability affects all Node.js HTTP servers on **20.x, 22.x, 24.x, and v25.x**", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-21710" ], "unique" : false }, { "id" : "CVE-2026-2229", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-2229" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2024-22017", "title" : "setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid().\nThis allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().\nThis vulnerability affects all users using version greater or equal than Node.js 18.18.0, Node.js 20.4.0 and Node.js 21.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-22017" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false }, { "id" : "CVE-2026-1525", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2026-1525" ], "unique" : false }, { "id" : "CVE-2025-55130", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-55130" ], "unique" : false }, { "id" : "CVE-2025-55131", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-55131" ], "unique" : false }, { "id" : "CVE-2023-30589", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-30589" ], "unique" : false }, { "id" : "CVE-2025-31498", "title" : "c-ares has a use-after-free in read_answers()", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-31498" ], "unique" : false }, { "id" : "CVE-2025-22150", "title" : "Undici Uses Insufficiently Random Values", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-22150" ], "unique" : false }, { "id" : "CVE-2024-21891", "title" : "Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack.\nThis vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-21891" ], "unique" : false }, { "id" : "CVE-2022-35256", "title" : "The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-35256" ], "unique" : false }, { "id" : "CVE-2023-23936", "title" : "CRLF Injection in Nodejs ‘undici’ via host", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-23936" ], "unique" : false }, { "id" : "CVE-2024-22020", "title" : "A security flaw in Node.js allows a bypass of network import restrictions.\nBy embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security.\nVerified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports.\nExploiting this flaw can violate network import security, posing a risk to developers and servers.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-22020" ], "unique" : false }, { "id" : "CVE-2024-22025", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-22025" ], "unique" : false }, { "id" : "CVE-2024-28863", "title" : "node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28863" ], "unique" : false }, { "id" : "CVE-2025-23167", "title" : "A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\\r\\n\\rX` instead of the required `\\r\\n\\r\\n`.\nThis inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests.\n\nThe issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination.\n\nImpact:\n* This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-23167" ], "unique" : false }, { "id" : "CVE-2026-1527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1527" ], "unique" : false }, { "id" : "CVE-2026-21712", "title" : "A flaw in Node.js URL processing causes an assertion failure in native code when `url.format()` is called with a malformed internationalized domain name (IDN) containing invalid characters, crashing the Node.js process.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21712" ], "unique" : false }, { "id" : "CVE-2026-25547", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-25547" ], "unique" : false }, { "id" : "CVE-2026-26996", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-26996" ], "unique" : false }, { "id" : "CVE-2026-27904", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27904" ], "unique" : false }, { "id" : "CVE-2024-27982", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2024-27982" ], "unique" : false }, { "id" : "CVE-2023-31147", "title" : "Insufficient randomness in generation of DNS query IDs in c-ares", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-31147" ], "unique" : false }, { "id" : "CVE-2023-46809", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46809" ], "unique" : false }, { "id" : "CVE-2025-59466", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59466" ], "unique" : false }, { "id" : "CVE-2026-21637", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21637" ], "unique" : false }, { "id" : "CVE-2026-21713", "title" : "A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior could be exploited as a timing oracle to infer HMAC values.\r\n\r\nNode.js already provides timing-safe comparison primitives used elsewhere in the codebase, indicating this is an oversight rather than an intentional design decision.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21713" ], "unique" : false }, { "id" : "CVE-2026-21717", "title" : "A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the Node.js process.\r\n\r\nThe most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21717" ], "unique" : false }, { "id" : "CVE-2026-2581", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2581" ], "unique" : false }, { "id" : "CVE-2023-31130", "title" : "Buffer Underwrite in ares_inet_net_pton()", "source" : "redhat-csaf", "cvssScore" : 5.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-31130" ], "unique" : false }, { "id" : "CVE-2023-30588", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-30588" ], "unique" : false }, { "id" : "CVE-2023-39333", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39333" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false }, { "id" : "CVE-2025-23085", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-23085" ], "unique" : false }, { "id" : "CVE-2026-21714", "title" : "A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOW_UPDATE frames on stream 0 (connection-level) that cause the flow control window to exceed the maximum value of 2³¹-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up.\r\n\r\nThis vulnerability affects HTTP2 users on Node.js 20, 22, 24 and 25.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21714" ], "unique" : false }, { "id" : "CVE-2026-21711", "title" : "A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all comparable network paths correctly enforce them.\r\n\r\nAs a result, code running under `--permission` without `--allow-net` can create and expose local IPC endpoints, allowing communication with other processes on the same host outside of the intended network restriction boundary.\r\n\r\nThis vulnerability affects Node.js **25.x** processes using the Permission Model where `--allow-net` is intentionally omitted to restrict network access. Note that `--allow-net` is currently an experimental feature.", "source" : "redhat-csaf", "cvssScore" : 5.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21711" ], "unique" : false }, { "id" : "CVE-2024-21890", "title" : "The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example:\n```\n --allow-fs-read=/home/node/.ssh/*.pub\n```\n\nwill ignore `pub` and give access to everything after `.ssh/`.\n\nThis misleading documentation affects all users using the experimental permission model in Node.js 20 and Node.js 21.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-21890" ], "unique" : false }, { "id" : "CVE-2024-25629", "title" : "c-ares out of bounds read in ares__read_line()", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-25629" ], "unique" : false }, { "id" : "CVE-2023-23920", "title" : "An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-23920" ], "unique" : false }, { "id" : "CVE-2023-45143", "title" : "Undici's cookie header not cleared on cross-origin redirect in fetch", "source" : "redhat-csaf", "cvssScore" : 3.9, "severity" : "LOW", "cves" : [ "CVE-2023-45143" ], "unique" : false }, { "id" : "CVE-2024-36137", "title" : "A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used.\r\n\r\nNode.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a \"read-only\" file descriptor to change the owner and permissions of a file.", "source" : "redhat-csaf", "cvssScore" : 3.9, "severity" : "LOW", "cves" : [ "CVE-2024-36137" ], "unique" : false }, { "id" : "CVE-2026-21716", "title" : "An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the promises API without the required permission checks, while their callback-based equivalents (`fs.fchmod()`, `fs.fchown()`) were correctly patched.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-write` can still use promise-based `FileHandle` methods to modify file permissions and ownership on already-open file descriptors, bypassing the intended write restrictions.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-write` is intentionally restricted.", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2026-21716" ], "unique" : false }, { "id" : "CVE-2023-31124", "title" : "AutoTools does not set CARES_RANDOM_FILE during cross compilation", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-31124" ], "unique" : false }, { "id" : "CVE-2025-23165", "title" : "In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service.\r\n\r\nImpact:\r\n* This vulnerability affects APIs relying on `ReadFileUtf8` on Node.js release lines: v20 and v22.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2025-23165" ], "unique" : false }, { "id" : "CVE-2026-21715", "title" : "A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()` without the required read permission checks, while all comparable filesystem functions correctly enforce them.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-read` can still use `fs.realpathSync.native()` to check file existence, resolve symlink targets, and enumerate filesystem paths outside of permitted directories.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-read` is intentionally restricted.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-21715" ], "unique" : false }, { "id" : "CVE-2024-22018", "title" : "A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used.\nThis flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to.\nThis vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2024-22018" ], "unique" : false }, { "id" : "CVE-2025-55132", "source" : "redhat-csaf", "cvssScore" : 2.8, "severity" : "LOW", "cves" : [ "CVE-2025-55132" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/nodejs@16.19.1-1.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=nodejs-16.19.1-1.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-39332", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2023-39332" ], "unique" : false }, { "id" : "CVE-2023-32006", "title" : "The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.\n\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x.\n\nPlease note that at the time this CVE was issued, the policy is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-32006" ], "unique" : false }, { "id" : "CVE-2022-4904", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2022-4904" ], "unique" : false }, { "id" : "CVE-2022-35255", "title" : "A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2022-35255" ], "unique" : false }, { "id" : "CVE-2023-32002", "title" : "The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.\n\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x.\n\nPlease note that at the time this CVE was issued, the policy is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-32002" ], "unique" : false }, { "id" : "CVE-2024-21892", "title" : "On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE.\nDue to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when certain other capabilities have been set.\nThis allows unprivileged users to inject code that inherits the process's elevated privileges.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-21892" ], "unique" : false }, { "id" : "CVE-2024-21896", "title" : "The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a Buffer, the implementation uses Buffer.from() to obtain a Buffer from the result of path.resolve(). By monkey-patching Buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability.\nThis vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 7.9, "severity" : "HIGH", "cves" : [ "CVE-2024-21896" ], "unique" : false }, { "id" : "CVE-2025-23083", "title" : "With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. \r\n\r\nThis vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-23083" ], "unique" : false }, { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2021-35065", "title" : "The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-35065" ], "unique" : false }, { "id" : "CVE-2022-25881", "title" : "This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-25881" ], "unique" : false }, { "id" : "CVE-2022-25883", "title" : "Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.\r\r\r", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-25883" ], "unique" : false }, { "id" : "CVE-2022-3517", "title" : "A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3517" ], "unique" : false }, { "id" : "CVE-2022-43548", "title" : "A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-43548" ], "unique" : false }, { "id" : "CVE-2023-23918", "title" : "A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-23918" ], "unique" : false }, { "id" : "CVE-2023-23919", "title" : "A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-23919" ], "unique" : false }, { "id" : "CVE-2023-24807", "title" : "Undici vulnerable to Regular Expression Denial of Service in Headers", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24807" ], "unique" : false }, { "id" : "CVE-2023-30581", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-30581" ], "unique" : false }, { "id" : "CVE-2023-30590", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-30590" ], "unique" : false }, { "id" : "CVE-2023-32067", "title" : "0-byte UDP payload DoS in c-ares", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-32067" ], "unique" : false }, { "id" : "CVE-2023-32559", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-32559" ], "unique" : false }, { "id" : "CVE-2023-38552", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-38552" ], "unique" : false }, { "id" : "CVE-2023-39331", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-39331" ], "unique" : false }, { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2024-22019", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-22019" ], "unique" : false }, { "id" : "CVE-2024-27983", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-27983" ], "unique" : false }, { "id" : "CVE-2025-23166", "title" : "The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23166" ], "unique" : false }, { "id" : "CVE-2025-59465", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-59465" ], "unique" : false }, { "id" : "CVE-2026-1526", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1526" ], "unique" : false }, { "id" : "CVE-2026-1528", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1528" ], "unique" : false }, { "id" : "CVE-2026-21710", "title" : "A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`.\r\n\r\nWhen this occurs, `dest[\"__proto__\"]` resolves to `Object.prototype` rather than `undefined`, causing `.push()` to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by `error` event listeners, meaning it cannot be handled without wrapping every `req.headersDistinct` access in a `try/catch`.\r\n\r\n* This vulnerability affects all Node.js HTTP servers on **20.x, 22.x, 24.x, and v25.x**", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-21710" ], "unique" : false }, { "id" : "CVE-2026-2229", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-2229" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2024-22017", "title" : "setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid().\nThis allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().\nThis vulnerability affects all users using version greater or equal than Node.js 18.18.0, Node.js 20.4.0 and Node.js 21.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-22017" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false }, { "id" : "CVE-2026-1525", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2026-1525" ], "unique" : false }, { "id" : "CVE-2025-55130", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-55130" ], "unique" : false }, { "id" : "CVE-2025-55131", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-55131" ], "unique" : false }, { "id" : "CVE-2023-30589", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-30589" ], "unique" : false }, { "id" : "CVE-2025-31498", "title" : "c-ares has a use-after-free in read_answers()", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-31498" ], "unique" : false }, { "id" : "CVE-2025-22150", "title" : "Undici Uses Insufficiently Random Values", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-22150" ], "unique" : false }, { "id" : "CVE-2024-21891", "title" : "Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack.\nThis vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-21891" ], "unique" : false }, { "id" : "CVE-2022-35256", "title" : "The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-35256" ], "unique" : false }, { "id" : "CVE-2023-23936", "title" : "CRLF Injection in Nodejs ‘undici’ via host", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-23936" ], "unique" : false }, { "id" : "CVE-2024-22020", "title" : "A security flaw in Node.js allows a bypass of network import restrictions.\nBy embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security.\nVerified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports.\nExploiting this flaw can violate network import security, posing a risk to developers and servers.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-22020" ], "unique" : false }, { "id" : "CVE-2024-22025", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-22025" ], "unique" : false }, { "id" : "CVE-2024-28863", "title" : "node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28863" ], "unique" : false }, { "id" : "CVE-2025-23167", "title" : "A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\\r\\n\\rX` instead of the required `\\r\\n\\r\\n`.\nThis inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests.\n\nThe issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination.\n\nImpact:\n* This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-23167" ], "unique" : false }, { "id" : "CVE-2026-1527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1527" ], "unique" : false }, { "id" : "CVE-2026-21712", "title" : "A flaw in Node.js URL processing causes an assertion failure in native code when `url.format()` is called with a malformed internationalized domain name (IDN) containing invalid characters, crashing the Node.js process.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21712" ], "unique" : false }, { "id" : "CVE-2026-25547", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-25547" ], "unique" : false }, { "id" : "CVE-2026-26996", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-26996" ], "unique" : false }, { "id" : "CVE-2026-27904", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27904" ], "unique" : false }, { "id" : "CVE-2024-27982", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2024-27982" ], "unique" : false }, { "id" : "CVE-2023-31147", "title" : "Insufficient randomness in generation of DNS query IDs in c-ares", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-31147" ], "unique" : false }, { "id" : "CVE-2023-46809", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46809" ], "unique" : false }, { "id" : "CVE-2025-59466", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59466" ], "unique" : false }, { "id" : "CVE-2026-21637", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21637" ], "unique" : false }, { "id" : "CVE-2026-21713", "title" : "A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior could be exploited as a timing oracle to infer HMAC values.\r\n\r\nNode.js already provides timing-safe comparison primitives used elsewhere in the codebase, indicating this is an oversight rather than an intentional design decision.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21713" ], "unique" : false }, { "id" : "CVE-2026-21717", "title" : "A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the Node.js process.\r\n\r\nThe most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21717" ], "unique" : false }, { "id" : "CVE-2026-2581", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2581" ], "unique" : false }, { "id" : "CVE-2023-31130", "title" : "Buffer Underwrite in ares_inet_net_pton()", "source" : "redhat-csaf", "cvssScore" : 5.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-31130" ], "unique" : false }, { "id" : "CVE-2023-30588", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-30588" ], "unique" : false }, { "id" : "CVE-2023-39333", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39333" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false }, { "id" : "CVE-2025-23085", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-23085" ], "unique" : false }, { "id" : "CVE-2026-21714", "title" : "A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOW_UPDATE frames on stream 0 (connection-level) that cause the flow control window to exceed the maximum value of 2³¹-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up.\r\n\r\nThis vulnerability affects HTTP2 users on Node.js 20, 22, 24 and 25.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21714" ], "unique" : false }, { "id" : "CVE-2026-21711", "title" : "A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all comparable network paths correctly enforce them.\r\n\r\nAs a result, code running under `--permission` without `--allow-net` can create and expose local IPC endpoints, allowing communication with other processes on the same host outside of the intended network restriction boundary.\r\n\r\nThis vulnerability affects Node.js **25.x** processes using the Permission Model where `--allow-net` is intentionally omitted to restrict network access. Note that `--allow-net` is currently an experimental feature.", "source" : "redhat-csaf", "cvssScore" : 5.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21711" ], "unique" : false }, { "id" : "CVE-2024-21890", "title" : "The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example:\n```\n --allow-fs-read=/home/node/.ssh/*.pub\n```\n\nwill ignore `pub` and give access to everything after `.ssh/`.\n\nThis misleading documentation affects all users using the experimental permission model in Node.js 20 and Node.js 21.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-21890" ], "unique" : false }, { "id" : "CVE-2024-25629", "title" : "c-ares out of bounds read in ares__read_line()", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-25629" ], "unique" : false }, { "id" : "CVE-2023-23920", "title" : "An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-23920" ], "unique" : false }, { "id" : "CVE-2023-45143", "title" : "Undici's cookie header not cleared on cross-origin redirect in fetch", "source" : "redhat-csaf", "cvssScore" : 3.9, "severity" : "LOW", "cves" : [ "CVE-2023-45143" ], "unique" : false }, { "id" : "CVE-2024-36137", "title" : "A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used.\r\n\r\nNode.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a \"read-only\" file descriptor to change the owner and permissions of a file.", "source" : "redhat-csaf", "cvssScore" : 3.9, "severity" : "LOW", "cves" : [ "CVE-2024-36137" ], "unique" : false }, { "id" : "CVE-2026-21716", "title" : "An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the promises API without the required permission checks, while their callback-based equivalents (`fs.fchmod()`, `fs.fchown()`) were correctly patched.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-write` can still use promise-based `FileHandle` methods to modify file permissions and ownership on already-open file descriptors, bypassing the intended write restrictions.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-write` is intentionally restricted.", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2026-21716" ], "unique" : false }, { "id" : "CVE-2023-31124", "title" : "AutoTools does not set CARES_RANDOM_FILE during cross compilation", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-31124" ], "unique" : false }, { "id" : "CVE-2025-23165", "title" : "In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service.\r\n\r\nImpact:\r\n* This vulnerability affects APIs relying on `ReadFileUtf8` on Node.js release lines: v20 and v22.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2025-23165" ], "unique" : false }, { "id" : "CVE-2026-21715", "title" : "A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()` without the required read permission checks, while all comparable filesystem functions correctly enforce them.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-read` can still use `fs.realpathSync.native()` to check file existence, resolve symlink targets, and enumerate filesystem paths outside of permitted directories.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-read` is intentionally restricted.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-21715" ], "unique" : false }, { "id" : "CVE-2024-22018", "title" : "A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used.\nThis flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to.\nThis vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2024-22018" ], "unique" : false }, { "id" : "CVE-2025-55132", "source" : "redhat-csaf", "cvssScore" : 2.8, "severity" : "LOW", "cves" : [ "CVE-2025-55132" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-39332", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2023-39332" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2026-28390", "title" : "Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-28390" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2025-9231", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9231" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2026-28388", "title" : "NULL Pointer Dereference When Processing a Delta CRL", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28388" ], "unique" : false }, { "id" : "CVE-2026-28389", "title" : "Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28389" ], "unique" : false }, { "id" : "CVE-2026-31790", "title" : "Incorrect Failure Handling in RSA KEM RSASVE Encapsulation", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-31790" ], "unique" : false }, { "id" : "CVE-2026-31789", "title" : "Heap Buffer Overflow in Hexadecimal Conversion", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2026-31789" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2026-28386", "title" : "Out-of-bounds Read in AES-CFB-128 on X86-64 with AVX-512 Support", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28386" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false }, { "id" : "CVE-2026-28387", "title" : "Potential Use-after-free in DANE Client Code", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-28387" ], "unique" : false }, { "id" : "CVE-2025-9232", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2025-9232" ], "unique" : false }, { "id" : "CVE-2026-2673", "title" : "OpenSSL TLS 1.3 server may choose unexpected key agreement group", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2026-2673" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/nodejs-libs@16.19.1-1.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=nodejs-16.19.1-1.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-32006", "title" : "The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.\n\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x.\n\nPlease note that at the time this CVE was issued, the policy is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-32006" ], "unique" : false }, { "id" : "CVE-2022-4904", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2022-4904" ], "unique" : false }, { "id" : "CVE-2023-32002", "title" : "The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.\n\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x.\n\nPlease note that at the time this CVE was issued, the policy is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-32002" ], "unique" : false }, { "id" : "CVE-2025-23083", "title" : "With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. \r\n\r\nThis vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-23083" ], "unique" : false }, { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2022-25881", "title" : "This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-25881" ], "unique" : false }, { "id" : "CVE-2023-24807", "title" : "Undici vulnerable to Regular Expression Denial of Service in Headers", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24807" ], "unique" : false }, { "id" : "CVE-2023-30581", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-30581" ], "unique" : false }, { "id" : "CVE-2023-30590", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-30590" ], "unique" : false }, { "id" : "CVE-2023-32067", "title" : "0-byte UDP payload DoS in c-ares", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-32067" ], "unique" : false }, { "id" : "CVE-2023-32559", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-32559" ], "unique" : false }, { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2024-22019", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-22019" ], "unique" : false }, { "id" : "CVE-2024-27983", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-27983" ], "unique" : false }, { "id" : "CVE-2025-23166", "title" : "The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23166" ], "unique" : false }, { "id" : "CVE-2025-59465", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-59465" ], "unique" : false }, { "id" : "CVE-2026-1526", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1526" ], "unique" : false }, { "id" : "CVE-2026-1528", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1528" ], "unique" : false }, { "id" : "CVE-2026-21710", "title" : "A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`.\r\n\r\nWhen this occurs, `dest[\"__proto__\"]` resolves to `Object.prototype` rather than `undefined`, causing `.push()` to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by `error` event listeners, meaning it cannot be handled without wrapping every `req.headersDistinct` access in a `try/catch`.\r\n\r\n* This vulnerability affects all Node.js HTTP servers on **20.x, 22.x, 24.x, and v25.x**", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-21710" ], "unique" : false }, { "id" : "CVE-2026-2229", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-2229" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false }, { "id" : "CVE-2026-1525", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2026-1525" ], "unique" : false }, { "id" : "CVE-2025-55130", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-55130" ], "unique" : false }, { "id" : "CVE-2025-55131", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-55131" ], "unique" : false }, { "id" : "CVE-2023-30589", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-30589" ], "unique" : false }, { "id" : "CVE-2025-31498", "title" : "c-ares has a use-after-free in read_answers()", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-31498" ], "unique" : false }, { "id" : "CVE-2025-22150", "title" : "Undici Uses Insufficiently Random Values", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-22150" ], "unique" : false }, { "id" : "CVE-2023-23936", "title" : "CRLF Injection in Nodejs ‘undici’ via host", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-23936" ], "unique" : false }, { "id" : "CVE-2024-22025", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-22025" ], "unique" : false }, { "id" : "CVE-2026-1527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1527" ], "unique" : false }, { "id" : "CVE-2026-21712", "title" : "A flaw in Node.js URL processing causes an assertion failure in native code when `url.format()` is called with a malformed internationalized domain name (IDN) containing invalid characters, crashing the Node.js process.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21712" ], "unique" : false }, { "id" : "CVE-2026-25547", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-25547" ], "unique" : false }, { "id" : "CVE-2026-26996", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-26996" ], "unique" : false }, { "id" : "CVE-2026-27904", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27904" ], "unique" : false }, { "id" : "CVE-2024-27982", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2024-27982" ], "unique" : false }, { "id" : "CVE-2023-31147", "title" : "Insufficient randomness in generation of DNS query IDs in c-ares", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-31147" ], "unique" : false }, { "id" : "CVE-2025-59466", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59466" ], "unique" : false }, { "id" : "CVE-2026-21637", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21637" ], "unique" : false }, { "id" : "CVE-2026-21713", "title" : "A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior could be exploited as a timing oracle to infer HMAC values.\r\n\r\nNode.js already provides timing-safe comparison primitives used elsewhere in the codebase, indicating this is an oversight rather than an intentional design decision.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21713" ], "unique" : false }, { "id" : "CVE-2026-21717", "title" : "A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the Node.js process.\r\n\r\nThe most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21717" ], "unique" : false }, { "id" : "CVE-2026-2581", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2581" ], "unique" : false }, { "id" : "CVE-2023-31130", "title" : "Buffer Underwrite in ares_inet_net_pton()", "source" : "redhat-csaf", "cvssScore" : 5.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-31130" ], "unique" : false }, { "id" : "CVE-2023-30588", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-30588" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false }, { "id" : "CVE-2025-23085", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-23085" ], "unique" : false }, { "id" : "CVE-2026-21714", "title" : "A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOW_UPDATE frames on stream 0 (connection-level) that cause the flow control window to exceed the maximum value of 2³¹-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up.\r\n\r\nThis vulnerability affects HTTP2 users on Node.js 20, 22, 24 and 25.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21714" ], "unique" : false }, { "id" : "CVE-2026-21711", "title" : "A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all comparable network paths correctly enforce them.\r\n\r\nAs a result, code running under `--permission` without `--allow-net` can create and expose local IPC endpoints, allowing communication with other processes on the same host outside of the intended network restriction boundary.\r\n\r\nThis vulnerability affects Node.js **25.x** processes using the Permission Model where `--allow-net` is intentionally omitted to restrict network access. Note that `--allow-net` is currently an experimental feature.", "source" : "redhat-csaf", "cvssScore" : 5.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21711" ], "unique" : false }, { "id" : "CVE-2024-25629", "title" : "c-ares out of bounds read in ares__read_line()", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-25629" ], "unique" : false }, { "id" : "CVE-2023-23920", "title" : "An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-23920" ], "unique" : false }, { "id" : "CVE-2026-21716", "title" : "An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the promises API without the required permission checks, while their callback-based equivalents (`fs.fchmod()`, `fs.fchown()`) were correctly patched.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-write` can still use promise-based `FileHandle` methods to modify file permissions and ownership on already-open file descriptors, bypassing the intended write restrictions.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-write` is intentionally restricted.", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2026-21716" ], "unique" : false }, { "id" : "CVE-2023-31124", "title" : "AutoTools does not set CARES_RANDOM_FILE during cross compilation", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-31124" ], "unique" : false }, { "id" : "CVE-2025-23165", "title" : "In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service.\r\n\r\nImpact:\r\n* This vulnerability affects APIs relying on `ReadFileUtf8` on Node.js release lines: v20 and v22.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2025-23165" ], "unique" : false }, { "id" : "CVE-2026-21715", "title" : "A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()` without the required read permission checks, while all comparable filesystem functions correctly enforce them.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-read` can still use `fs.realpathSync.native()` to check file existence, resolve symlink targets, and enumerate filesystem paths outside of permitted directories.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-read` is intentionally restricted.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-21715" ], "unique" : false }, { "id" : "CVE-2025-55132", "source" : "redhat-csaf", "cvssScore" : 2.8, "severity" : "LOW", "cves" : [ "CVE-2025-55132" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-32006", "title" : "The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.\n\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x.\n\nPlease note that at the time this CVE was issued, the policy is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-32006" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libbrotli@1.0.9-6.el9?arch=x86_64&distro=rhel-9.2&upstream=brotli-1.0.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2023-39332", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2023-39332" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-decorator-4.4.2-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2727", "title" : "Bypassing policies imposed by the ImagePolicyWebhook admission plugin", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2727" ], "unique" : false }, { "id" : "CVE-2023-2728", "title" : "Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2728" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-setuptools-53.0.0-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2026-5713", "title" : "Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5713" ], "unique" : false }, { "id" : "CVE-2025-13837", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13837" ], "unique" : false }, { "id" : "CVE-2026-4224", "title" : "Stack overflow parsing XML with deeply nested DTD content models", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4224" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2026-3644", "title" : "Incomplete control character validation in http.cookies", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3644" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2025-12781", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-12781" ], "unique" : false }, { "id" : "CVE-2026-3446", "title" : "Base64 decoding stops at first padded quad by default", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3446" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2025-15282", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15282" ], "unique" : false }, { "id" : "CVE-2025-11468", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11468" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2026-1502", "title" : "HTTP client proxy tunnel headers not validated for CR/LF", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1502" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2026-2297", "title" : "SourcelessFileLoader does not use io.open_code()", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-2297" ], "unique" : false }, { "id" : "CVE-2026-3479", "title" : "pkgutil.get_data() does not enforce documented restrictions", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-3479" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false }, { "id" : "CVE-2025-13462", "title" : "tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-13462" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-pip-21.2.3-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64&distro=rhel-9.2&upstream=lsof-4.94.0-3.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=environment-modules-5.0.1-2.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/less@590-1.el9_0?arch=x86_64&distro=rhel-9.2&upstream=less-590-1.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2024-32487", "title" : "less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2024-32487" ], "unique" : false }, { "id" : "CVE-2022-46663", "title" : "In GNU Less before 609, crafted data can result in \"less -R\" not filtering ANSI escape sequences sent to the terminal.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-46663" ], "unique" : false }, { "id" : "CVE-2022-48624", "title" : "close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-48624" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-32487", "title" : "less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2024-32487" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/vim-filesystem@8.2.2637-20.el9_1?arch=noarch&distro=rhel-9.2&epoch=2&upstream=vim-8.2.2637-20.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2026-34982", "title" : "Vim modeline bypass via various options affects Vim < 9.2.0276", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2026-34982" ], "unique" : false }, { "id" : "CVE-2026-25749", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2026-25749" ], "unique" : false }, { "id" : "CVE-2026-33412", "title" : "Vim affected by Command injection via newline in glob()", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2026-33412" ], "unique" : false }, { "id" : "CVE-2023-4752", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-4752" ], "unique" : false }, { "id" : "CVE-2021-3903", "title" : "Heap-based Buffer Overflow in vim/vim", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-3903" ], "unique" : false }, { "id" : "CVE-2026-28421", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28421" ], "unique" : false }, { "id" : "CVE-2026-28417", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28417" ], "unique" : false }, { "id" : "CVE-2025-53905", "source" : "redhat-csaf", "cvssScore" : 4.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-53905" ], "unique" : false }, { "id" : "CVE-2025-53906", "title" : "Vim has path traversal issue with zip.vim and special crafted zip archives", "source" : "redhat-csaf", "cvssScore" : 4.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-53906" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-34982", "title" : "Vim modeline bypass via various options affects Vim < 9.2.0276", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2026-34982" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libgcrypt-1.10.0-10.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false }, { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false }, { "id" : "CVE-2026-41990", "title" : "Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-41990" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64&distro=rhel-9.2&upstream=procps-ng-3.3.17-11.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-4016", "title" : "Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-4016" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-4016", "title" : "Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-4016" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64&distro=rhel-9.2&upstream=gdb-10.2-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-3826", "title" : "Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-3826" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-setuptools-53.0.0-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9_2.1.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64&distro=rhel-9.2&upstream=glib2-2.68.4-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false }, { "id" : "CVE-2024-52533", "title" : "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\\0' character.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-52533" ], "unique" : false }, { "id" : "CVE-2023-32611", "title" : "G_variant_byteswap() can take a long time with some non-normal inputs", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32611" ], "unique" : false }, { "id" : "CVE-2023-32665", "title" : "Gvariant deserialisation does not match spec for non-normal data", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32665" ], "unique" : false }, { "id" : "CVE-2025-14512", "title" : "Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14512" ], "unique" : false }, { "id" : "CVE-2023-29499", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29499" ], "unique" : false }, { "id" : "CVE-2025-14087", "title" : "Glib: glib: buffer underflow in gvariant parser leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14087" ], "unique" : false }, { "id" : "CVE-2025-4373", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4373" ], "unique" : false }, { "id" : "CVE-2024-34397", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2024-34397" ], "unique" : false }, { "id" : "CVE-2025-7039", "title" : "Glib: buffer under-read on glib through glib/gfileutils.c via get_tmp_file()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2025-7039" ], "unique" : false }, { "id" : "CVE-2026-0988", "title" : "Glib: glib: denial of service via integer overflow in g_buffered_input_stream_peek()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0988" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64&distro=rhel-9.2&upstream=gnutls-3.7.6-20.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false }, { "id" : "CVE-2024-0567", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0567" ], "unique" : false }, { "id" : "CVE-2025-32988", "title" : "Gnutls: vulnerability in gnutls othername san export", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32988" ], "unique" : false }, { "id" : "CVE-2025-32990", "title" : "Gnutls: vulnerability in gnutls certtool template parsing", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32990" ], "unique" : false }, { "id" : "CVE-2025-6395", "title" : "Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6395" ], "unique" : false }, { "id" : "CVE-2023-5981", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5981" ], "unique" : false }, { "id" : "CVE-2024-12243", "title" : "Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12243" ], "unique" : false }, { "id" : "CVE-2024-28834", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28834" ], "unique" : false }, { "id" : "CVE-2025-14831", "title" : "Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14831" ], "unique" : false }, { "id" : "CVE-2025-32989", "title" : "Gnutls: vulnerability in gnutls sct extension parsing", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32989" ], "unique" : false }, { "id" : "CVE-2024-28835", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28835" ], "unique" : false }, { "id" : "CVE-2025-9820", "title" : "Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9820" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64&distro=rhel-9.2&upstream=nghttp2-1.43.0-5.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libicu@67.1-9.el9?arch=x86_64&distro=rhel-9.2&upstream=icu-67.1-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-5222", "title" : "Icu: stack buffer overflow in the srbroot::addtag function", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-5222" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-5222", "title" : "Icu: stack buffer overflow in the srbroot::addtag function", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-5222" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-pip-21.2.3-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch&distro=rhel-9.2&upstream=dnf-4.14.0-5.el9_2.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libxml2-2.9.13-3.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false }, { "id" : "CVE-2025-49794", "title" : "Libxml: heap use after free (uaf) leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49794" ], "unique" : false }, { "id" : "CVE-2025-49796", "title" : "Libxml: type confusion leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49796" ], "unique" : false }, { "id" : "CVE-2024-56171", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-56171" ], "unique" : false }, { "id" : "CVE-2025-24928", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24928" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2024-25062", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-25062" ], "unique" : false }, { "id" : "CVE-2025-32415", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-32415" ], "unique" : false }, { "id" : "CVE-2025-49795", "title" : "Libxml: null pointer dereference leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49795" ], "unique" : false }, { "id" : "CVE-2025-6021", "title" : "Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6021" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2023-39615", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39615" ], "unique" : false }, { "id" : "CVE-2026-6732", "title" : "Libxml2: libxml2: denial of service via crafted xsd-validated document", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-6732" ], "unique" : false }, { "id" : "CVE-2025-9714", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9714" ], "unique" : false }, { "id" : "CVE-2026-1757", "title" : "Libxml2: memory leak leading to local denial of service in xmllint interactive shell", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1757" ], "unique" : false }, { "id" : "CVE-2022-49043", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49043" ], "unique" : false }, { "id" : "CVE-2023-28484", "title" : "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28484" ], "unique" : false }, { "id" : "CVE-2023-29469", "title" : "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29469" ], "unique" : false }, { "id" : "CVE-2026-0990", "title" : "Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0990" ], "unique" : false }, { "id" : "CVE-2025-32414", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32414" ], "unique" : false }, { "id" : "CVE-2025-26434", "title" : "In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-26434" ], "unique" : false }, { "id" : "CVE-2026-0989", "title" : "Libxml2: unbounded relaxng include recursion leading to stack overflow", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0989" ], "unique" : false }, { "id" : "CVE-2026-0992", "title" : "Libxml2: libxml2: denial of service via crafted xml catalogs", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-0992" ], "unique" : false }, { "id" : "CVE-2025-6170", "title" : "Libxml2: stack buffer overflow in xmllint interactive shell command handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-6170" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-setuptools-53.0.0-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2026-5713", "title" : "Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5713" ], "unique" : false }, { "id" : "CVE-2025-13837", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13837" ], "unique" : false }, { "id" : "CVE-2026-4224", "title" : "Stack overflow parsing XML with deeply nested DTD content models", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4224" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2026-3644", "title" : "Incomplete control character validation in http.cookies", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3644" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2025-12781", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-12781" ], "unique" : false }, { "id" : "CVE-2026-3446", "title" : "Base64 decoding stops at first padded quad by default", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3446" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2025-15282", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15282" ], "unique" : false }, { "id" : "CVE-2025-11468", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11468" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2026-1502", "title" : "HTTP client proxy tunnel headers not validated for CR/LF", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1502" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2026-2297", "title" : "SourcelessFileLoader does not use io.open_code()", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-2297" ], "unique" : false }, { "id" : "CVE-2026-3479", "title" : "pkgutil.get_data() does not enforce documented restrictions", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-3479" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false }, { "id" : "CVE-2025-13462", "title" : "tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-13462" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcomps@0.1.18-1.el9?arch=x86_64&distro=rhel-9.2&upstream=libcomps-0.1.18-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-1312", "source" : "redhat-csaf", "cvssScore" : 8.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1312" ], "unique" : false }, { "id" : "CVE-2026-0980", "title" : "Rubyipmi: red hat satellite: remote code execution in rubyipmi via malicious bmc username", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2026-0980" ], "unique" : false }, { "id" : "CVE-2026-1207", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2026-1207" ], "unique" : false }, { "id" : "CVE-2026-1287", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2026-1287" ], "unique" : false }, { "id" : "CVE-2026-1530", "title" : "Fog-kubevirt: fog-kubevirt: man-in-the-middle vulnerability due to disabled certificate validation", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1530" ], "unique" : false }, { "id" : "CVE-2026-1531", "title" : "Foreman-kubevirt: foreman_kubevirt: man-in-the-middle due to insecure default ssl verification", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1531" ], "unique" : false }, { "id" : "CVE-2026-1961", "title" : "Forman: foreman: remote code execution via command injection in websocket proxy", "source" : "redhat-csaf", "cvssScore" : 8.0, "severity" : "HIGH", "cves" : [ "CVE-2026-1961" ], "unique" : false }, { "id" : "CVE-2021-46877", "title" : "jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-46877" ], "unique" : false }, { "id" : "CVE-2025-14550", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-14550" ], "unique" : false }, { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false }, { "id" : "CVE-2026-1285", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1285" ], "unique" : false }, { "id" : "CVE-2025-68121", "title" : "Unexpected session resumption in crypto/tls", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-68121" ], "unique" : false }, { "id" : "CVE-2024-28863", "title" : "node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28863" ], "unique" : false }, { "id" : "CVE-2026-4324", "title" : "Rubygem-katello: katello: denial of service and potential information disclosure via sql injection", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4324" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-1312", "source" : "redhat-csaf", "cvssScore" : 8.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1312" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libcomps@0.1.18-1.el9?arch=x86_64&distro=rhel-9.2&upstream=libcomps-0.1.18-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-1312", "source" : "redhat-csaf", "cvssScore" : 8.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1312" ], "unique" : false }, { "id" : "CVE-2026-0980", "title" : "Rubyipmi: red hat satellite: remote code execution in rubyipmi via malicious bmc username", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2026-0980" ], "unique" : false }, { "id" : "CVE-2026-1207", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2026-1207" ], "unique" : false }, { "id" : "CVE-2026-1287", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2026-1287" ], "unique" : false }, { "id" : "CVE-2026-1530", "title" : "Fog-kubevirt: fog-kubevirt: man-in-the-middle vulnerability due to disabled certificate validation", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1530" ], "unique" : false }, { "id" : "CVE-2026-1531", "title" : "Foreman-kubevirt: foreman_kubevirt: man-in-the-middle due to insecure default ssl verification", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1531" ], "unique" : false }, { "id" : "CVE-2026-1961", "title" : "Forman: foreman: remote code execution via command injection in websocket proxy", "source" : "redhat-csaf", "cvssScore" : 8.0, "severity" : "HIGH", "cves" : [ "CVE-2026-1961" ], "unique" : false }, { "id" : "CVE-2021-46877", "title" : "jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-46877" ], "unique" : false }, { "id" : "CVE-2025-14550", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-14550" ], "unique" : false }, { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false }, { "id" : "CVE-2026-1285", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1285" ], "unique" : false }, { "id" : "CVE-2025-68121", "title" : "Unexpected session resumption in crypto/tls", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-68121" ], "unique" : false }, { "id" : "CVE-2024-28863", "title" : "node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28863" ], "unique" : false }, { "id" : "CVE-2026-4324", "title" : "Rubygem-katello: katello: denial of service and potential information disclosure via sql injection", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4324" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-1312", "source" : "redhat-csaf", "cvssScore" : 8.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1312" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64&distro=rhel-9.2&upstream=gnupg2-2.3.3-2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2026-24882", "source" : "redhat-csaf", "cvssScore" : 8.4, "severity" : "HIGH", "cves" : [ "CVE-2026-24882" ], "unique" : false }, { "id" : "CVE-2025-68973", "title" : "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-68973" ], "unique" : false }, { "id" : "CVE-2025-68972", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68972" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-24882", "source" : "redhat-csaf", "cvssScore" : 8.4, "severity" : "HIGH", "cves" : [ "CVE-2026-24882" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9_2.1.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27535", "title" : "An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27535" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64&distro=rhel-9.2&upstream=libarchive-3.5.3-4.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-5914", "title" : "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-5914" ], "unique" : false }, { "id" : "CVE-2026-4111", "title" : "Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-4111" ], "unique" : false }, { "id" : "CVE-2026-4424", "title" : "Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-4424" ], "unique" : false }, { "id" : "CVE-2026-5121", "title" : "Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-5121" ], "unique" : false }, { "id" : "CVE-2025-60753", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-60753" ], "unique" : false }, { "id" : "CVE-2024-57970", "title" : "libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-57970" ], "unique" : false }, { "id" : "CVE-2025-25724", "title" : "list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-25724" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-5914", "title" : "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-5914" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64&distro=rhel-9.2&upstream=glib2-2.68.4-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false }, { "id" : "CVE-2024-52533", "title" : "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\\0' character.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-52533" ], "unique" : false }, { "id" : "CVE-2023-32611", "title" : "G_variant_byteswap() can take a long time with some non-normal inputs", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32611" ], "unique" : false }, { "id" : "CVE-2023-32665", "title" : "Gvariant deserialisation does not match spec for non-normal data", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32665" ], "unique" : false }, { "id" : "CVE-2025-14512", "title" : "Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14512" ], "unique" : false }, { "id" : "CVE-2023-29499", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29499" ], "unique" : false }, { "id" : "CVE-2025-14087", "title" : "Glib: glib: buffer underflow in gvariant parser leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14087" ], "unique" : false }, { "id" : "CVE-2025-4373", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4373" ], "unique" : false }, { "id" : "CVE-2024-34397", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2024-34397" ], "unique" : false }, { "id" : "CVE-2025-7039", "title" : "Glib: buffer under-read on glib through glib/gfileutils.c via get_tmp_file()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2025-7039" ], "unique" : false }, { "id" : "CVE-2026-0988", "title" : "Glib: glib: denial of service via integer overflow in g_buffered_input_stream_peek()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0988" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64&distro=rhel-9.2&upstream=nghttp2-1.43.0-5.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64&distro=rhel-9.2&upstream=gnutls-3.7.6-20.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false }, { "id" : "CVE-2024-0567", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0567" ], "unique" : false }, { "id" : "CVE-2025-32988", "title" : "Gnutls: vulnerability in gnutls othername san export", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32988" ], "unique" : false }, { "id" : "CVE-2025-32990", "title" : "Gnutls: vulnerability in gnutls certtool template parsing", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32990" ], "unique" : false }, { "id" : "CVE-2025-6395", "title" : "Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6395" ], "unique" : false }, { "id" : "CVE-2023-5981", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5981" ], "unique" : false }, { "id" : "CVE-2024-12243", "title" : "Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12243" ], "unique" : false }, { "id" : "CVE-2024-28834", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28834" ], "unique" : false }, { "id" : "CVE-2025-14831", "title" : "Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14831" ], "unique" : false }, { "id" : "CVE-2025-32989", "title" : "Gnutls: vulnerability in gnutls sct extension parsing", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32989" ], "unique" : false }, { "id" : "CVE-2024-28835", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28835" ], "unique" : false }, { "id" : "CVE-2025-9820", "title" : "Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9820" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libgcrypt-1.10.0-10.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false }, { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false }, { "id" : "CVE-2026-41990", "title" : "Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-41990" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap-compat@2.6.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=openldap-2.6.2-3.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=openldap-2.6.2-3.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm-sign-libs@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm-libs@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm-build-libs@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-rpm@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/tpm2-tss@3.0.3-8.el9?arch=x86_64&distro=rhel-9.2&upstream=tpm2-tss-3.0.3-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-22745", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22745" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-22745", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22745" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgomp@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-pip-21.2.3-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/file-libs@5.39-12.el9?arch=x86_64&distro=rhel-9.2&upstream=file-5.39-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-48554", "title" : "File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48554" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-48554", "title" : "File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48554" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64&distro=rhel-9.2&epoch=2&upstream=shadow-utils-4.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false }, { "id" : "CVE-2024-56433", "title" : "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "source" : "redhat-csaf", "cvssScore" : 3.6, "severity" : "LOW", "cves" : [ "CVE-2024-56433" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-setuptools-53.0.0-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2026-5713", "title" : "Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5713" ], "unique" : false }, { "id" : "CVE-2025-13837", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13837" ], "unique" : false }, { "id" : "CVE-2026-4224", "title" : "Stack overflow parsing XML with deeply nested DTD content models", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4224" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2026-3644", "title" : "Incomplete control character validation in http.cookies", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3644" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2025-12781", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-12781" ], "unique" : false }, { "id" : "CVE-2026-3446", "title" : "Base64 decoding stops at first padded quad by default", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3446" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2025-15282", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15282" ], "unique" : false }, { "id" : "CVE-2025-11468", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11468" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2026-1502", "title" : "HTTP client proxy tunnel headers not validated for CR/LF", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1502" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2026-2297", "title" : "SourcelessFileLoader does not use io.open_code()", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-2297" ], "unique" : false }, { "id" : "CVE-2026-3479", "title" : "pkgutil.get_data() does not enforce documented restrictions", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-3479" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false }, { "id" : "CVE-2025-13462", "title" : "tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-13462" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-pip-21.2.3-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64&distro=rhel-9.2&upstream=python-systemd-234-18.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-setuptools-53.0.0-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2026-5713", "title" : "Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5713" ], "unique" : false }, { "id" : "CVE-2025-13837", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13837" ], "unique" : false }, { "id" : "CVE-2026-4224", "title" : "Stack overflow parsing XML with deeply nested DTD content models", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4224" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2026-3644", "title" : "Incomplete control character validation in http.cookies", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3644" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2025-12781", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-12781" ], "unique" : false }, { "id" : "CVE-2026-3446", "title" : "Base64 decoding stops at first padded quad by default", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3446" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2025-15282", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15282" ], "unique" : false }, { "id" : "CVE-2025-11468", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11468" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2026-1502", "title" : "HTTP client proxy tunnel headers not validated for CR/LF", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1502" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2026-2297", "title" : "SourcelessFileLoader does not use io.open_code()", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-2297" ], "unique" : false }, { "id" : "CVE-2026-3479", "title" : "pkgutil.get_data() does not enforce documented restrictions", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-3479" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false }, { "id" : "CVE-2025-13462", "title" : "tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-13462" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libgcrypt-1.10.0-10.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false }, { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false }, { "id" : "CVE-2026-41990", "title" : "Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-41990" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-pip-21.2.3-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64&distro=rhel-9.2&upstream=httpd-2.4.53-11.el9_2.5.src.rpm", "issues" : [ { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false }, { "id" : "CVE-2024-38475", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38475" ], "unique" : false }, { "id" : "CVE-2024-38476", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38476" ], "unique" : false }, { "id" : "CVE-2023-27522", "title" : "Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-27522" ], "unique" : false }, { "id" : "CVE-2023-31122", "title" : "Apache HTTP Server: mod_macro buffer over-read", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-31122" ], "unique" : false }, { "id" : "CVE-2024-38477", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-38477" ], "unique" : false }, { "id" : "CVE-2024-47252", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-47252" ], "unique" : false }, { "id" : "CVE-2025-23048", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23048" ], "unique" : false }, { "id" : "CVE-2025-49812", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49812" ], "unique" : false }, { "id" : "CVE-2024-39573", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-39573" ], "unique" : false }, { "id" : "CVE-2025-58098", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-58098" ], "unique" : false }, { "id" : "CVE-2023-38709", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38709" ], "unique" : false }, { "id" : "CVE-2025-65082", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-65082" ], "unique" : false }, { "id" : "CVE-2025-66200", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66200" ], "unique" : false }, { "id" : "CVE-2024-38473", "title" : "Apache HTTP Server proxy encoding problem", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38473" ], "unique" : false }, { "id" : "CVE-2024-24795", "title" : "Apache HTTP Server: HTTP Response Splitting in multiple modules", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24795" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64&distro=rhel-9.2&upstream=httpd-2.4.53-11.el9_2.5.src.rpm", "issues" : [ { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false }, { "id" : "CVE-2024-38475", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38475" ], "unique" : false }, { "id" : "CVE-2024-38476", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38476" ], "unique" : false }, { "id" : "CVE-2023-27522", "title" : "Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-27522" ], "unique" : false }, { "id" : "CVE-2023-31122", "title" : "Apache HTTP Server: mod_macro buffer over-read", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-31122" ], "unique" : false }, { "id" : "CVE-2024-38477", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-38477" ], "unique" : false }, { "id" : "CVE-2024-47252", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-47252" ], "unique" : false }, { "id" : "CVE-2025-23048", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23048" ], "unique" : false }, { "id" : "CVE-2025-49812", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49812" ], "unique" : false }, { "id" : "CVE-2024-39573", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-39573" ], "unique" : false }, { "id" : "CVE-2025-58098", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-58098" ], "unique" : false }, { "id" : "CVE-2023-38709", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38709" ], "unique" : false }, { "id" : "CVE-2025-65082", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-65082" ], "unique" : false }, { "id" : "CVE-2025-66200", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66200" ], "unique" : false }, { "id" : "CVE-2024-38473", "title" : "Apache HTTP Server proxy encoding problem", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38473" ], "unique" : false }, { "id" : "CVE-2024-24795", "title" : "Apache HTTP Server: HTTP Response Splitting in multiple modules", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24795" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64&distro=rhel-9.2&upstream=httpd-2.4.53-11.el9_2.5.src.rpm", "issues" : [ { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false }, { "id" : "CVE-2024-38475", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38475" ], "unique" : false }, { "id" : "CVE-2024-38476", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38476" ], "unique" : false }, { "id" : "CVE-2023-27522", "title" : "Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-27522" ], "unique" : false }, { "id" : "CVE-2023-31122", "title" : "Apache HTTP Server: mod_macro buffer over-read", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-31122" ], "unique" : false }, { "id" : "CVE-2024-38477", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-38477" ], "unique" : false }, { "id" : "CVE-2024-47252", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-47252" ], "unique" : false }, { "id" : "CVE-2025-23048", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23048" ], "unique" : false }, { "id" : "CVE-2025-49812", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49812" ], "unique" : false }, { "id" : "CVE-2024-39573", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-39573" ], "unique" : false }, { "id" : "CVE-2025-58098", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-58098" ], "unique" : false }, { "id" : "CVE-2023-38709", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38709" ], "unique" : false }, { "id" : "CVE-2025-65082", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-65082" ], "unique" : false }, { "id" : "CVE-2025-66200", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66200" ], "unique" : false }, { "id" : "CVE-2024-38473", "title" : "Apache HTTP Server proxy encoding problem", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38473" ], "unique" : false }, { "id" : "CVE-2024-24795", "title" : "Apache HTTP Server: HTTP Response Splitting in multiple modules", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24795" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch&distro=rhel-9.2&upstream=httpd-2.4.53-11.el9_2.5.src.rpm", "issues" : [ { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false }, { "id" : "CVE-2024-38475", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38475" ], "unique" : false }, { "id" : "CVE-2024-38476", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38476" ], "unique" : false }, { "id" : "CVE-2023-27522", "title" : "Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-27522" ], "unique" : false }, { "id" : "CVE-2023-31122", "title" : "Apache HTTP Server: mod_macro buffer over-read", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-31122" ], "unique" : false }, { "id" : "CVE-2024-38477", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-38477" ], "unique" : false }, { "id" : "CVE-2024-47252", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-47252" ], "unique" : false }, { "id" : "CVE-2025-23048", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23048" ], "unique" : false }, { "id" : "CVE-2025-49812", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49812" ], "unique" : false }, { "id" : "CVE-2025-59775", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-59775" ], "unique" : false }, { "id" : "CVE-2024-39573", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-39573" ], "unique" : false }, { "id" : "CVE-2025-58098", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-58098" ], "unique" : false }, { "id" : "CVE-2023-38709", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38709" ], "unique" : false }, { "id" : "CVE-2025-65082", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-65082" ], "unique" : false }, { "id" : "CVE-2025-66200", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66200" ], "unique" : false }, { "id" : "CVE-2024-38473", "title" : "Apache HTTP Server proxy encoding problem", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38473" ], "unique" : false }, { "id" : "CVE-2024-24795", "title" : "Apache HTTP Server: HTTP Response Splitting in multiple modules", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24795" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/apr@1.7.0-11.el9?arch=x86_64&distro=rhel-9.2&upstream=apr-1.7.0-11.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-24963", "title" : "Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-24963" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-24963", "title" : "Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-24963" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64&distro=rhel-9.2&epoch=2&upstream=shadow-utils-4.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false }, { "id" : "CVE-2024-56433", "title" : "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "source" : "redhat-csaf", "cvssScore" : 3.6, "severity" : "LOW", "cves" : [ "CVE-2024-56433" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64&distro=rhel-9.2&upstream=openssh-8.7p1-29.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-38408", "title" : "The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2023-38408" ], "unique" : false }, { "id" : "CVE-2026-3497", "title" : "Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange to the server, which will call the underlying function and continue the execution of the program without setting the related connection variables. As the variables are not initialized to NULL the code later accesses those uninitialized variables, accessing random memory, which could lead to undefined behavior. The recommended workaround is to use ssh_packet_disconnect() instead, which does terminate the process. The impact of the vulnerability depends heavily on the compiler flag hardening configuration.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2026-3497" ], "unique" : false }, { "id" : "CVE-2024-6387", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-6387" ], "unique" : false }, { "id" : "CVE-2026-35385", "title" : "In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-35385" ], "unique" : false }, { "id" : "CVE-2024-6409", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-6409" ], "unique" : false }, { "id" : "CVE-2025-26465", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-26465" ], "unique" : false }, { "id" : "CVE-2023-51385", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-51385" ], "unique" : false }, { "id" : "CVE-2023-48795", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-48795" ], "unique" : false }, { "id" : "CVE-2025-61984", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-61984" ], "unique" : false }, { "id" : "CVE-2025-61985", "title" : "ssh in OpenSSH before 10.1 allows the '\\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-61985" ], "unique" : false }, { "id" : "CVE-2026-35414", "title" : "OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2026-35414" ], "unique" : false }, { "id" : "CVE-2025-32728", "title" : "In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32728" ], "unique" : false }, { "id" : "CVE-2026-35386", "title" : "In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in ssh_config.", "source" : "redhat-csaf", "cvssScore" : 3.6, "severity" : "LOW", "cves" : [ "CVE-2026-35386" ], "unique" : false }, { "id" : "CVE-2026-35387", "title" : "OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2026-35387" ], "unique" : false }, { "id" : "CVE-2026-35388", "title" : "OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.", "source" : "redhat-csaf", "cvssScore" : 2.2, "severity" : "LOW", "cves" : [ "CVE-2026-35388" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2026-28390", "title" : "Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-28390" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2025-9231", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9231" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2026-28388", "title" : "NULL Pointer Dereference When Processing a Delta CRL", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28388" ], "unique" : false }, { "id" : "CVE-2026-28389", "title" : "Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28389" ], "unique" : false }, { "id" : "CVE-2026-31790", "title" : "Incorrect Failure Handling in RSA KEM RSASVE Encapsulation", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-31790" ], "unique" : false }, { "id" : "CVE-2026-31789", "title" : "Heap Buffer Overflow in Hexadecimal Conversion", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2026-31789" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2026-28386", "title" : "Out-of-bounds Read in AES-CFB-128 on X86-64 with AVX-512 Support", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28386" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false }, { "id" : "CVE-2026-28387", "title" : "Potential Use-after-free in DANE Client Code", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-28387" ], "unique" : false }, { "id" : "CVE-2025-9232", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2025-9232" ], "unique" : false }, { "id" : "CVE-2026-2673", "title" : "OpenSSL TLS 1.3 server may choose unexpected key agreement group", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2026-2673" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openssh@8.7p1-29.el9_2?arch=x86_64&distro=rhel-9.2&upstream=openssh-8.7p1-29.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-38408", "title" : "The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2023-38408" ], "unique" : false }, { "id" : "CVE-2026-3497", "title" : "Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange to the server, which will call the underlying function and continue the execution of the program without setting the related connection variables. As the variables are not initialized to NULL the code later accesses those uninitialized variables, accessing random memory, which could lead to undefined behavior. The recommended workaround is to use ssh_packet_disconnect() instead, which does terminate the process. The impact of the vulnerability depends heavily on the compiler flag hardening configuration.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2026-3497" ], "unique" : false }, { "id" : "CVE-2024-6387", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-6387" ], "unique" : false }, { "id" : "CVE-2026-35385", "title" : "In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-35385" ], "unique" : false }, { "id" : "CVE-2023-51767", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-51767" ], "unique" : false }, { "id" : "CVE-2024-6409", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-6409" ], "unique" : false }, { "id" : "CVE-2025-26465", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-26465" ], "unique" : false }, { "id" : "CVE-2023-51385", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-51385" ], "unique" : false }, { "id" : "CVE-2023-48795", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-48795" ], "unique" : false }, { "id" : "CVE-2025-61984", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-61984" ], "unique" : false }, { "id" : "CVE-2025-61985", "title" : "ssh in OpenSSH before 10.1 allows the '\\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-61985" ], "unique" : false }, { "id" : "CVE-2026-35414", "title" : "OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2026-35414" ], "unique" : false }, { "id" : "CVE-2025-32728", "title" : "In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32728" ], "unique" : false }, { "id" : "CVE-2026-35386", "title" : "In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in ssh_config.", "source" : "redhat-csaf", "cvssScore" : 3.6, "severity" : "LOW", "cves" : [ "CVE-2026-35386" ], "unique" : false }, { "id" : "CVE-2026-35387", "title" : "OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2026-35387" ], "unique" : false }, { "id" : "CVE-2026-35388", "title" : "OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.", "source" : "redhat-csaf", "cvssScore" : 2.2, "severity" : "LOW", "cves" : [ "CVE-2026-35388" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-38408", "title" : "The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2023-38408" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64&distro=rhel-9.2&upstream=pam-1.5.1-14.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-6020", "title" : "Linux-pam: linux-pam directory traversal", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-6020" ], "unique" : false }, { "id" : "CVE-2025-8941", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-8941" ], "unique" : false }, { "id" : "CVE-2024-10963", "title" : "Pam: improper hostname interpretation in pam_access leads to access control bypass", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-10963" ], "unique" : false }, { "id" : "CVE-2024-22365", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-22365" ], "unique" : false }, { "id" : "CVE-2024-10041", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-10041" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6020", "title" : "Linux-pam: linux-pam directory traversal", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-6020" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libgcrypt-1.10.0-10.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false }, { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false }, { "id" : "CVE-2026-41990", "title" : "Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-41990" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libeconf@0.4.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=libeconf-0.4.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-22652", "title" : "Stack buffer overflow in \"read_file\" function", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22652" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-22652", "title" : "Stack buffer overflow in \"read_file\" function", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22652" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libfdisk@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/util-linux-core@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64&distro=rhel-9.2&epoch=2&upstream=shadow-utils-4.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false }, { "id" : "CVE-2024-56433", "title" : "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "source" : "redhat-csaf", "cvssScore" : 3.6, "severity" : "LOW", "cves" : [ "CVE-2024-56433" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2023-38408", "title" : "The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2023-38408" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch&distro=rhel-9.2&upstream=python-chardet-4.0.0-5.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-setuptools-53.0.0-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2026-5713", "title" : "Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5713" ], "unique" : false }, { "id" : "CVE-2025-13837", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13837" ], "unique" : false }, { "id" : "CVE-2026-4224", "title" : "Stack overflow parsing XML with deeply nested DTD content models", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4224" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2026-3644", "title" : "Incomplete control character validation in http.cookies", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3644" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2025-12781", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-12781" ], "unique" : false }, { "id" : "CVE-2026-3446", "title" : "Base64 decoding stops at first padded quad by default", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3446" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2025-15282", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15282" ], "unique" : false }, { "id" : "CVE-2025-11468", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11468" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2026-1502", "title" : "HTTP client proxy tunnel headers not validated for CR/LF", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1502" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2026-2297", "title" : "SourcelessFileLoader does not use io.open_code()", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-2297" ], "unique" : false }, { "id" : "CVE-2026-3479", "title" : "pkgutil.get_data() does not enforce documented restrictions", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-3479" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false }, { "id" : "CVE-2025-13462", "title" : "tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-13462" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-pip-21.2.3-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64&distro=rhel-9.2&upstream=libdnf-0.69.0-3.el9_2.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libxml2-2.9.13-3.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false }, { "id" : "CVE-2025-49794", "title" : "Libxml: heap use after free (uaf) leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49794" ], "unique" : false }, { "id" : "CVE-2025-49796", "title" : "Libxml: type confusion leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49796" ], "unique" : false }, { "id" : "CVE-2024-56171", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-56171" ], "unique" : false }, { "id" : "CVE-2025-24928", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24928" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2024-25062", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-25062" ], "unique" : false }, { "id" : "CVE-2025-32415", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-32415" ], "unique" : false }, { "id" : "CVE-2025-49795", "title" : "Libxml: null pointer dereference leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49795" ], "unique" : false }, { "id" : "CVE-2025-6021", "title" : "Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6021" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2023-39615", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39615" ], "unique" : false }, { "id" : "CVE-2026-6732", "title" : "Libxml2: libxml2: denial of service via crafted xsd-validated document", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-6732" ], "unique" : false }, { "id" : "CVE-2025-9714", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9714" ], "unique" : false }, { "id" : "CVE-2026-1757", "title" : "Libxml2: memory leak leading to local denial of service in xmllint interactive shell", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1757" ], "unique" : false }, { "id" : "CVE-2022-49043", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49043" ], "unique" : false }, { "id" : "CVE-2023-28484", "title" : "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28484" ], "unique" : false }, { "id" : "CVE-2023-29469", "title" : "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29469" ], "unique" : false }, { "id" : "CVE-2026-0990", "title" : "Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0990" ], "unique" : false }, { "id" : "CVE-2025-32414", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32414" ], "unique" : false }, { "id" : "CVE-2025-26434", "title" : "In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-26434" ], "unique" : false }, { "id" : "CVE-2026-0989", "title" : "Libxml2: unbounded relaxng include recursion leading to stack overflow", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0989" ], "unique" : false }, { "id" : "CVE-2026-0992", "title" : "Libxml2: libxml2: denial of service via crafted xml catalogs", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-0992" ], "unique" : false }, { "id" : "CVE-2025-6170", "title" : "Libxml2: stack buffer overflow in xmllint interactive shell command handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-6170" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-setuptools-53.0.0-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2026-5713", "title" : "Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5713" ], "unique" : false }, { "id" : "CVE-2025-13837", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13837" ], "unique" : false }, { "id" : "CVE-2026-4224", "title" : "Stack overflow parsing XML with deeply nested DTD content models", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4224" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2026-3644", "title" : "Incomplete control character validation in http.cookies", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3644" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2025-12781", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-12781" ], "unique" : false }, { "id" : "CVE-2026-3446", "title" : "Base64 decoding stops at first padded quad by default", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3446" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2025-15282", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15282" ], "unique" : false }, { "id" : "CVE-2025-11468", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11468" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2026-1502", "title" : "HTTP client proxy tunnel headers not validated for CR/LF", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1502" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2026-2297", "title" : "SourcelessFileLoader does not use io.open_code()", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-2297" ], "unique" : false }, { "id" : "CVE-2026-3479", "title" : "pkgutil.get_data() does not enforce documented restrictions", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-3479" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false }, { "id" : "CVE-2025-13462", "title" : "tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-13462" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64&distro=rhel-9.2&upstream=gnupg2-2.3.3-2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2026-24882", "source" : "redhat-csaf", "cvssScore" : 8.4, "severity" : "HIGH", "cves" : [ "CVE-2026-24882" ], "unique" : false }, { "id" : "CVE-2025-68973", "title" : "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-68973" ], "unique" : false }, { "id" : "CVE-2025-68972", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68972" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-24882", "source" : "redhat-csaf", "cvssScore" : 8.4, "severity" : "HIGH", "cves" : [ "CVE-2026-24882" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9_2.1.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27535", "title" : "An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27535" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64&distro=rhel-9.2&upstream=libarchive-3.5.3-4.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-5914", "title" : "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-5914" ], "unique" : false }, { "id" : "CVE-2026-4111", "title" : "Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-4111" ], "unique" : false }, { "id" : "CVE-2026-4424", "title" : "Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-4424" ], "unique" : false }, { "id" : "CVE-2026-5121", "title" : "Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-5121" ], "unique" : false }, { "id" : "CVE-2025-60753", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-60753" ], "unique" : false }, { "id" : "CVE-2024-57970", "title" : "libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-57970" ], "unique" : false }, { "id" : "CVE-2025-25724", "title" : "list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-25724" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-5914", "title" : "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-5914" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64&distro=rhel-9.2&upstream=glib2-2.68.4-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false }, { "id" : "CVE-2024-52533", "title" : "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\\0' character.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-52533" ], "unique" : false }, { "id" : "CVE-2023-32611", "title" : "G_variant_byteswap() can take a long time with some non-normal inputs", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32611" ], "unique" : false }, { "id" : "CVE-2023-32665", "title" : "Gvariant deserialisation does not match spec for non-normal data", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32665" ], "unique" : false }, { "id" : "CVE-2025-14512", "title" : "Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14512" ], "unique" : false }, { "id" : "CVE-2023-29499", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29499" ], "unique" : false }, { "id" : "CVE-2025-14087", "title" : "Glib: glib: buffer underflow in gvariant parser leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14087" ], "unique" : false }, { "id" : "CVE-2025-4373", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4373" ], "unique" : false }, { "id" : "CVE-2024-34397", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2024-34397" ], "unique" : false }, { "id" : "CVE-2025-7039", "title" : "Glib: buffer under-read on glib through glib/gfileutils.c via get_tmp_file()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2025-7039" ], "unique" : false }, { "id" : "CVE-2026-0988", "title" : "Glib: glib: denial of service via integer overflow in g_buffered_input_stream_peek()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0988" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64&distro=rhel-9.2&upstream=nghttp2-1.43.0-5.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64&distro=rhel-9.2&upstream=gnutls-3.7.6-20.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false }, { "id" : "CVE-2024-0567", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0567" ], "unique" : false }, { "id" : "CVE-2025-32988", "title" : "Gnutls: vulnerability in gnutls othername san export", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32988" ], "unique" : false }, { "id" : "CVE-2025-32990", "title" : "Gnutls: vulnerability in gnutls certtool template parsing", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32990" ], "unique" : false }, { "id" : "CVE-2025-6395", "title" : "Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6395" ], "unique" : false }, { "id" : "CVE-2023-5981", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5981" ], "unique" : false }, { "id" : "CVE-2024-12243", "title" : "Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12243" ], "unique" : false }, { "id" : "CVE-2024-28834", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28834" ], "unique" : false }, { "id" : "CVE-2025-14831", "title" : "Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14831" ], "unique" : false }, { "id" : "CVE-2025-32989", "title" : "Gnutls: vulnerability in gnutls sct extension parsing", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32989" ], "unique" : false }, { "id" : "CVE-2024-28835", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28835" ], "unique" : false }, { "id" : "CVE-2025-9820", "title" : "Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9820" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libgcrypt-1.10.0-10.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false }, { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false }, { "id" : "CVE-2026-41990", "title" : "Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-41990" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap-compat@2.6.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=openldap-2.6.2-3.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=openldap-2.6.2-3.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm-libs@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-pip-21.2.3-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/file-libs@5.39-12.el9?arch=x86_64&distro=rhel-9.2&upstream=file-5.39-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-48554", "title" : "File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48554" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-48554", "title" : "File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48554" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64&distro=rhel-9.2&upstream=httpd-2.4.53-11.el9_2.5.src.rpm", "issues" : [ { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false }, { "id" : "CVE-2024-38475", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38475" ], "unique" : false }, { "id" : "CVE-2024-38476", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38476" ], "unique" : false }, { "id" : "CVE-2023-27522", "title" : "Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-27522" ], "unique" : false }, { "id" : "CVE-2023-31122", "title" : "Apache HTTP Server: mod_macro buffer over-read", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-31122" ], "unique" : false }, { "id" : "CVE-2024-38477", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-38477" ], "unique" : false }, { "id" : "CVE-2024-47252", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-47252" ], "unique" : false }, { "id" : "CVE-2025-23048", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23048" ], "unique" : false }, { "id" : "CVE-2025-49812", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49812" ], "unique" : false }, { "id" : "CVE-2025-59775", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-59775" ], "unique" : false }, { "id" : "CVE-2024-39573", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-39573" ], "unique" : false }, { "id" : "CVE-2025-58098", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-58098" ], "unique" : false }, { "id" : "CVE-2023-38709", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38709" ], "unique" : false }, { "id" : "CVE-2025-65082", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-65082" ], "unique" : false }, { "id" : "CVE-2025-66200", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66200" ], "unique" : false }, { "id" : "CVE-2024-38473", "title" : "Apache HTTP Server proxy encoding problem", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38473" ], "unique" : false }, { "id" : "CVE-2024-24795", "title" : "Apache HTTP Server: HTTP Response Splitting in multiple modules", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24795" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64&distro=rhel-9.2&upstream=httpd-2.4.53-11.el9_2.5.src.rpm", "issues" : [ { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false }, { "id" : "CVE-2024-38475", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38475" ], "unique" : false }, { "id" : "CVE-2024-38476", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38476" ], "unique" : false }, { "id" : "CVE-2023-27522", "title" : "Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-27522" ], "unique" : false }, { "id" : "CVE-2023-31122", "title" : "Apache HTTP Server: mod_macro buffer over-read", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-31122" ], "unique" : false }, { "id" : "CVE-2024-38477", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-38477" ], "unique" : false }, { "id" : "CVE-2024-47252", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-47252" ], "unique" : false }, { "id" : "CVE-2025-23048", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23048" ], "unique" : false }, { "id" : "CVE-2025-49812", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49812" ], "unique" : false }, { "id" : "CVE-2024-39573", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-39573" ], "unique" : false }, { "id" : "CVE-2025-58098", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-58098" ], "unique" : false }, { "id" : "CVE-2023-38709", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38709" ], "unique" : false }, { "id" : "CVE-2025-65082", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-65082" ], "unique" : false }, { "id" : "CVE-2025-66200", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66200" ], "unique" : false }, { "id" : "CVE-2024-38473", "title" : "Apache HTTP Server proxy encoding problem", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38473" ], "unique" : false }, { "id" : "CVE-2024-24795", "title" : "Apache HTTP Server: HTTP Response Splitting in multiple modules", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24795" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64&distro=rhel-9.2&upstream=httpd-2.4.53-11.el9_2.5.src.rpm", "issues" : [ { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false }, { "id" : "CVE-2024-38475", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38475" ], "unique" : false }, { "id" : "CVE-2024-38476", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38476" ], "unique" : false }, { "id" : "CVE-2023-27522", "title" : "Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-27522" ], "unique" : false }, { "id" : "CVE-2023-31122", "title" : "Apache HTTP Server: mod_macro buffer over-read", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-31122" ], "unique" : false }, { "id" : "CVE-2024-38477", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-38477" ], "unique" : false }, { "id" : "CVE-2024-47252", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-47252" ], "unique" : false }, { "id" : "CVE-2025-23048", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23048" ], "unique" : false }, { "id" : "CVE-2025-49812", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49812" ], "unique" : false }, { "id" : "CVE-2024-39573", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-39573" ], "unique" : false }, { "id" : "CVE-2025-58098", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-58098" ], "unique" : false }, { "id" : "CVE-2023-38709", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38709" ], "unique" : false }, { "id" : "CVE-2025-65082", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-65082" ], "unique" : false }, { "id" : "CVE-2025-66200", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66200" ], "unique" : false }, { "id" : "CVE-2024-38473", "title" : "Apache HTTP Server proxy encoding problem", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38473" ], "unique" : false }, { "id" : "CVE-2024-24795", "title" : "Apache HTTP Server: HTTP Response Splitting in multiple modules", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24795" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch&distro=rhel-9.2&upstream=httpd-2.4.53-11.el9_2.5.src.rpm", "issues" : [ { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false }, { "id" : "CVE-2024-38475", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38475" ], "unique" : false }, { "id" : "CVE-2024-38476", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38476" ], "unique" : false }, { "id" : "CVE-2023-27522", "title" : "Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-27522" ], "unique" : false }, { "id" : "CVE-2023-31122", "title" : "Apache HTTP Server: mod_macro buffer over-read", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-31122" ], "unique" : false }, { "id" : "CVE-2024-38477", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-38477" ], "unique" : false }, { "id" : "CVE-2024-47252", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-47252" ], "unique" : false }, { "id" : "CVE-2025-23048", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23048" ], "unique" : false }, { "id" : "CVE-2025-49812", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49812" ], "unique" : false }, { "id" : "CVE-2025-59775", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-59775" ], "unique" : false }, { "id" : "CVE-2024-39573", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-39573" ], "unique" : false }, { "id" : "CVE-2025-58098", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-58098" ], "unique" : false }, { "id" : "CVE-2023-38709", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38709" ], "unique" : false }, { "id" : "CVE-2025-65082", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-65082" ], "unique" : false }, { "id" : "CVE-2025-66200", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66200" ], "unique" : false }, { "id" : "CVE-2024-38473", "title" : "Apache HTTP Server proxy encoding problem", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38473" ], "unique" : false }, { "id" : "CVE-2024-24795", "title" : "Apache HTTP Server: HTTP Response Splitting in multiple modules", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24795" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2026-28390", "title" : "Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-28390" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2025-9231", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9231" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2026-28388", "title" : "NULL Pointer Dereference When Processing a Delta CRL", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28388" ], "unique" : false }, { "id" : "CVE-2026-28389", "title" : "Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28389" ], "unique" : false }, { "id" : "CVE-2026-31790", "title" : "Incorrect Failure Handling in RSA KEM RSASVE Encapsulation", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-31790" ], "unique" : false }, { "id" : "CVE-2026-31789", "title" : "Heap Buffer Overflow in Hexadecimal Conversion", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2026-31789" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2026-28386", "title" : "Out-of-bounds Read in AES-CFB-128 on X86-64 with AVX-512 Support", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28386" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false }, { "id" : "CVE-2026-28387", "title" : "Potential Use-after-free in DANE Client Code", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-28387" ], "unique" : false }, { "id" : "CVE-2025-9232", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2025-9232" ], "unique" : false }, { "id" : "CVE-2026-2673", "title" : "OpenSSL TLS 1.3 server may choose unexpected key agreement group", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2026-2673" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64&distro=rhel-9.2&upstream=pam-1.5.1-14.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-6020", "title" : "Linux-pam: linux-pam directory traversal", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-6020" ], "unique" : false }, { "id" : "CVE-2025-8941", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-8941" ], "unique" : false }, { "id" : "CVE-2024-10963", "title" : "Pam: improper hostname interpretation in pam_access leads to access control bypass", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-10963" ], "unique" : false }, { "id" : "CVE-2024-22365", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-22365" ], "unique" : false }, { "id" : "CVE-2024-10041", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-10041" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6020", "title" : "Linux-pam: linux-pam directory traversal", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-6020" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd@252-13.el9_2?arch=x86_64&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2026-29111", "title" : "systemd: Local unprivileged user can trigger an assert", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2026-29111" ], "unique" : false }, { "id" : "CVE-2026-40224", "title" : "In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace.", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-40224" ], "unique" : false }, { "id" : "CVE-2026-4105", "title" : "Systemd: systemd: privilege escalation via improper access control in registermachine d-bus method", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4105" ], "unique" : false }, { "id" : "CVE-2026-40225", "title" : "In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-40225" ], "unique" : false }, { "id" : "CVE-2026-40226", "title" : "In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-40226" ], "unique" : false }, { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2026-40227", "title" : "In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-40227" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false }, { "id" : "CVE-2026-40223", "title" : "In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User=<unset> unit exists and is running.", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-40223" ], "unique" : false }, { "id" : "CVE-2026-40228", "title" : "In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a \"logger -p emerg\" command is executed, if ForwardToWall=yes is set.", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-40228" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-29111", "title" : "systemd: Local unprivileged user can trigger an assert", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2026-29111" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libbrotli@1.0.9-6.el9?arch=x86_64&distro=rhel-9.2&upstream=brotli-1.0.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libgcrypt-1.10.0-10.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false }, { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false }, { "id" : "CVE-2026-41990", "title" : "Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-41990" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libeconf@0.4.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=libeconf-0.4.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-22652", "title" : "Stack buffer overflow in \"read_file\" function", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22652" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-22652", "title" : "Stack buffer overflow in \"read_file\" function", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22652" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/apr@1.7.0-11.el9?arch=x86_64&distro=rhel-9.2&upstream=apr-1.7.0-11.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-24963", "title" : "Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-24963" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-24963", "title" : "Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-24963" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dbus-common@1.12.20-7.el9_1?arch=noarch&distro=rhel-9.2&epoch=1&upstream=dbus-1.12.20-7.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dbus@1.12.20-7.el9_1?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=dbus-1.12.20-7.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libfdisk@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/util-linux-core@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-pam@252-13.el9_2?arch=x86_64&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-rpm-macros@252-13.el9_2?arch=noarch&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64&distro=rhel-9.2&epoch=2&upstream=shadow-utils-4.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false }, { "id" : "CVE-2024-56433", "title" : "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "source" : "redhat-csaf", "cvssScore" : 3.6, "severity" : "LOW", "cves" : [ "CVE-2024-56433" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=scl-utils-2.0.3-4.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libxml2-2.9.13-3.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false }, { "id" : "CVE-2025-49794", "title" : "Libxml: heap use after free (uaf) leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49794" ], "unique" : false }, { "id" : "CVE-2025-49796", "title" : "Libxml: type confusion leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49796" ], "unique" : false }, { "id" : "CVE-2024-56171", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-56171" ], "unique" : false }, { "id" : "CVE-2025-24928", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24928" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2024-25062", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-25062" ], "unique" : false }, { "id" : "CVE-2025-32415", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-32415" ], "unique" : false }, { "id" : "CVE-2025-49795", "title" : "Libxml: null pointer dereference leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49795" ], "unique" : false }, { "id" : "CVE-2025-6021", "title" : "Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6021" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2023-39615", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39615" ], "unique" : false }, { "id" : "CVE-2026-6732", "title" : "Libxml2: libxml2: denial of service via crafted xsd-validated document", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-6732" ], "unique" : false }, { "id" : "CVE-2025-9714", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9714" ], "unique" : false }, { "id" : "CVE-2026-1757", "title" : "Libxml2: memory leak leading to local denial of service in xmllint interactive shell", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1757" ], "unique" : false }, { "id" : "CVE-2022-49043", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49043" ], "unique" : false }, { "id" : "CVE-2023-28484", "title" : "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28484" ], "unique" : false }, { "id" : "CVE-2023-29469", "title" : "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29469" ], "unique" : false }, { "id" : "CVE-2026-0990", "title" : "Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0990" ], "unique" : false }, { "id" : "CVE-2025-32414", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32414" ], "unique" : false }, { "id" : "CVE-2025-26434", "title" : "In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-26434" ], "unique" : false }, { "id" : "CVE-2026-0989", "title" : "Libxml2: unbounded relaxng include recursion leading to stack overflow", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0989" ], "unique" : false }, { "id" : "CVE-2026-0992", "title" : "Libxml2: libxml2: denial of service via crafted xml catalogs", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-0992" ], "unique" : false }, { "id" : "CVE-2025-6170", "title" : "Libxml2: stack buffer overflow in xmllint interactive shell command handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-6170" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/less@590-1.el9_0?arch=x86_64&distro=rhel-9.2&upstream=less-590-1.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2024-32487", "title" : "less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2024-32487" ], "unique" : false }, { "id" : "CVE-2022-46663", "title" : "In GNU Less before 609, crafted data can result in \"less -R\" not filtering ANSI escape sequences sent to the terminal.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-46663" ], "unique" : false }, { "id" : "CVE-2022-48624", "title" : "close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-48624" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-32487", "title" : "less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2024-32487" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/vim-filesystem@8.2.2637-20.el9_1?arch=noarch&distro=rhel-9.2&epoch=2&upstream=vim-8.2.2637-20.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2026-34982", "title" : "Vim modeline bypass via various options affects Vim < 9.2.0276", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2026-34982" ], "unique" : false }, { "id" : "CVE-2026-25749", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2026-25749" ], "unique" : false }, { "id" : "CVE-2026-33412", "title" : "Vim affected by Command injection via newline in glob()", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2026-33412" ], "unique" : false }, { "id" : "CVE-2023-4752", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-4752" ], "unique" : false }, { "id" : "CVE-2021-3903", "title" : "Heap-based Buffer Overflow in vim/vim", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-3903" ], "unique" : false }, { "id" : "CVE-2026-28421", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28421" ], "unique" : false }, { "id" : "CVE-2026-28417", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28417" ], "unique" : false }, { "id" : "CVE-2025-53905", "source" : "redhat-csaf", "cvssScore" : 4.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-53905" ], "unique" : false }, { "id" : "CVE-2025-53906", "title" : "Vim has path traversal issue with zip.vim and special crafted zip archives", "source" : "redhat-csaf", "cvssScore" : 4.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-53906" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-34982", "title" : "Vim modeline bypass via various options affects Vim < 9.2.0276", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2026-34982" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9_2.1.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27535", "title" : "An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27535" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64&distro=rhel-9.2&upstream=libarchive-3.5.3-4.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-5914", "title" : "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-5914" ], "unique" : false }, { "id" : "CVE-2026-4111", "title" : "Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-4111" ], "unique" : false }, { "id" : "CVE-2026-4424", "title" : "Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-4424" ], "unique" : false }, { "id" : "CVE-2026-5121", "title" : "Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-5121" ], "unique" : false }, { "id" : "CVE-2025-60753", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-60753" ], "unique" : false }, { "id" : "CVE-2024-57970", "title" : "libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-57970" ], "unique" : false }, { "id" : "CVE-2025-25724", "title" : "list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-25724" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-5914", "title" : "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-5914" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libgcrypt-1.10.0-10.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false }, { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false }, { "id" : "CVE-2026-41990", "title" : "Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-41990" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64&distro=rhel-9.2&upstream=nghttp2-1.43.0-5.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm-libs@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64&distro=rhel-9.2&upstream=procps-ng-3.3.17-11.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-4016", "title" : "Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-4016" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-4016", "title" : "Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-4016" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch&distro=rhel-9.2&upstream=dnf-4.14.0-5.el9_2.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libxml2-2.9.13-3.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false }, { "id" : "CVE-2025-49794", "title" : "Libxml: heap use after free (uaf) leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49794" ], "unique" : false }, { "id" : "CVE-2025-49796", "title" : "Libxml: type confusion leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49796" ], "unique" : false }, { "id" : "CVE-2024-56171", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-56171" ], "unique" : false }, { "id" : "CVE-2025-24928", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24928" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2024-25062", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-25062" ], "unique" : false }, { "id" : "CVE-2025-32415", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-32415" ], "unique" : false }, { "id" : "CVE-2025-49795", "title" : "Libxml: null pointer dereference leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49795" ], "unique" : false }, { "id" : "CVE-2025-6021", "title" : "Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6021" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2023-39615", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39615" ], "unique" : false }, { "id" : "CVE-2026-6732", "title" : "Libxml2: libxml2: denial of service via crafted xsd-validated document", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-6732" ], "unique" : false }, { "id" : "CVE-2025-9714", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9714" ], "unique" : false }, { "id" : "CVE-2026-1757", "title" : "Libxml2: memory leak leading to local denial of service in xmllint interactive shell", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1757" ], "unique" : false }, { "id" : "CVE-2022-49043", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49043" ], "unique" : false }, { "id" : "CVE-2023-28484", "title" : "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28484" ], "unique" : false }, { "id" : "CVE-2023-29469", "title" : "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29469" ], "unique" : false }, { "id" : "CVE-2026-0990", "title" : "Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0990" ], "unique" : false }, { "id" : "CVE-2025-32414", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32414" ], "unique" : false }, { "id" : "CVE-2025-26434", "title" : "In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-26434" ], "unique" : false }, { "id" : "CVE-2026-0989", "title" : "Libxml2: unbounded relaxng include recursion leading to stack overflow", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0989" ], "unique" : false }, { "id" : "CVE-2026-0992", "title" : "Libxml2: libxml2: denial of service via crafted xml catalogs", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-0992" ], "unique" : false }, { "id" : "CVE-2025-6170", "title" : "Libxml2: stack buffer overflow in xmllint interactive shell command handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-6170" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-setuptools-53.0.0-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2026-5713", "title" : "Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5713" ], "unique" : false }, { "id" : "CVE-2025-13837", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13837" ], "unique" : false }, { "id" : "CVE-2026-4224", "title" : "Stack overflow parsing XML with deeply nested DTD content models", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4224" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2026-3644", "title" : "Incomplete control character validation in http.cookies", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3644" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2025-12781", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-12781" ], "unique" : false }, { "id" : "CVE-2026-3446", "title" : "Base64 decoding stops at first padded quad by default", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3446" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2025-15282", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15282" ], "unique" : false }, { "id" : "CVE-2025-11468", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11468" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2026-1502", "title" : "HTTP client proxy tunnel headers not validated for CR/LF", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1502" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2026-2297", "title" : "SourcelessFileLoader does not use io.open_code()", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-2297" ], "unique" : false }, { "id" : "CVE-2026-3479", "title" : "pkgutil.get_data() does not enforce documented restrictions", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-3479" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false }, { "id" : "CVE-2025-13462", "title" : "tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-13462" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcomps@0.1.18-1.el9?arch=x86_64&distro=rhel-9.2&upstream=libcomps-0.1.18-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-1312", "source" : "redhat-csaf", "cvssScore" : 8.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1312" ], "unique" : false }, { "id" : "CVE-2026-0980", "title" : "Rubyipmi: red hat satellite: remote code execution in rubyipmi via malicious bmc username", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2026-0980" ], "unique" : false }, { "id" : "CVE-2026-1207", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2026-1207" ], "unique" : false }, { "id" : "CVE-2026-1287", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2026-1287" ], "unique" : false }, { "id" : "CVE-2026-1530", "title" : "Fog-kubevirt: fog-kubevirt: man-in-the-middle vulnerability due to disabled certificate validation", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1530" ], "unique" : false }, { "id" : "CVE-2026-1531", "title" : "Foreman-kubevirt: foreman_kubevirt: man-in-the-middle due to insecure default ssl verification", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1531" ], "unique" : false }, { "id" : "CVE-2026-1961", "title" : "Forman: foreman: remote code execution via command injection in websocket proxy", "source" : "redhat-csaf", "cvssScore" : 8.0, "severity" : "HIGH", "cves" : [ "CVE-2026-1961" ], "unique" : false }, { "id" : "CVE-2021-46877", "title" : "jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-46877" ], "unique" : false }, { "id" : "CVE-2025-14550", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-14550" ], "unique" : false }, { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false }, { "id" : "CVE-2026-1285", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1285" ], "unique" : false }, { "id" : "CVE-2025-68121", "title" : "Unexpected session resumption in crypto/tls", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-68121" ], "unique" : false }, { "id" : "CVE-2024-28863", "title" : "node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28863" ], "unique" : false }, { "id" : "CVE-2026-4324", "title" : "Rubygem-katello: katello: denial of service and potential information disclosure via sql injection", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4324" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-1312", "source" : "redhat-csaf", "cvssScore" : 8.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1312" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libcomps@0.1.18-1.el9?arch=x86_64&distro=rhel-9.2&upstream=libcomps-0.1.18-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-1312", "source" : "redhat-csaf", "cvssScore" : 8.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1312" ], "unique" : false }, { "id" : "CVE-2026-0980", "title" : "Rubyipmi: red hat satellite: remote code execution in rubyipmi via malicious bmc username", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2026-0980" ], "unique" : false }, { "id" : "CVE-2026-1207", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2026-1207" ], "unique" : false }, { "id" : "CVE-2026-1287", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2026-1287" ], "unique" : false }, { "id" : "CVE-2026-1530", "title" : "Fog-kubevirt: fog-kubevirt: man-in-the-middle vulnerability due to disabled certificate validation", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1530" ], "unique" : false }, { "id" : "CVE-2026-1531", "title" : "Foreman-kubevirt: foreman_kubevirt: man-in-the-middle due to insecure default ssl verification", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1531" ], "unique" : false }, { "id" : "CVE-2026-1961", "title" : "Forman: foreman: remote code execution via command injection in websocket proxy", "source" : "redhat-csaf", "cvssScore" : 8.0, "severity" : "HIGH", "cves" : [ "CVE-2026-1961" ], "unique" : false }, { "id" : "CVE-2021-46877", "title" : "jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-46877" ], "unique" : false }, { "id" : "CVE-2025-14550", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-14550" ], "unique" : false }, { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false }, { "id" : "CVE-2026-1285", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1285" ], "unique" : false }, { "id" : "CVE-2025-68121", "title" : "Unexpected session resumption in crypto/tls", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-68121" ], "unique" : false }, { "id" : "CVE-2024-28863", "title" : "node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28863" ], "unique" : false }, { "id" : "CVE-2026-4324", "title" : "Rubygem-katello: katello: denial of service and potential information disclosure via sql injection", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4324" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-1312", "source" : "redhat-csaf", "cvssScore" : 8.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1312" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64&distro=rhel-9.2&upstream=gnupg2-2.3.3-2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2026-24882", "source" : "redhat-csaf", "cvssScore" : 8.4, "severity" : "HIGH", "cves" : [ "CVE-2026-24882" ], "unique" : false }, { "id" : "CVE-2025-68973", "title" : "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-68973" ], "unique" : false }, { "id" : "CVE-2025-68972", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68972" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-24882", "source" : "redhat-csaf", "cvssScore" : 8.4, "severity" : "HIGH", "cves" : [ "CVE-2026-24882" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9_2.1.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27535", "title" : "An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27535" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64&distro=rhel-9.2&upstream=libarchive-3.5.3-4.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-5914", "title" : "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-5914" ], "unique" : false }, { "id" : "CVE-2026-4111", "title" : "Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-4111" ], "unique" : false }, { "id" : "CVE-2026-4424", "title" : "Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-4424" ], "unique" : false }, { "id" : "CVE-2026-5121", "title" : "Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-5121" ], "unique" : false }, { "id" : "CVE-2025-60753", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-60753" ], "unique" : false }, { "id" : "CVE-2024-57970", "title" : "libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-57970" ], "unique" : false }, { "id" : "CVE-2025-25724", "title" : "list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-25724" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-5914", "title" : "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-5914" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64&distro=rhel-9.2&upstream=glib2-2.68.4-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false }, { "id" : "CVE-2024-52533", "title" : "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\\0' character.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-52533" ], "unique" : false }, { "id" : "CVE-2023-32611", "title" : "G_variant_byteswap() can take a long time with some non-normal inputs", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32611" ], "unique" : false }, { "id" : "CVE-2023-32665", "title" : "Gvariant deserialisation does not match spec for non-normal data", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32665" ], "unique" : false }, { "id" : "CVE-2025-14512", "title" : "Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14512" ], "unique" : false }, { "id" : "CVE-2023-29499", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29499" ], "unique" : false }, { "id" : "CVE-2025-14087", "title" : "Glib: glib: buffer underflow in gvariant parser leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14087" ], "unique" : false }, { "id" : "CVE-2025-4373", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4373" ], "unique" : false }, { "id" : "CVE-2024-34397", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2024-34397" ], "unique" : false }, { "id" : "CVE-2025-7039", "title" : "Glib: buffer under-read on glib through glib/gfileutils.c via get_tmp_file()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2025-7039" ], "unique" : false }, { "id" : "CVE-2026-0988", "title" : "Glib: glib: denial of service via integer overflow in g_buffered_input_stream_peek()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0988" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64&distro=rhel-9.2&upstream=nghttp2-1.43.0-5.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64&distro=rhel-9.2&upstream=gnutls-3.7.6-20.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false }, { "id" : "CVE-2024-0567", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0567" ], "unique" : false }, { "id" : "CVE-2025-32988", "title" : "Gnutls: vulnerability in gnutls othername san export", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32988" ], "unique" : false }, { "id" : "CVE-2025-32990", "title" : "Gnutls: vulnerability in gnutls certtool template parsing", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32990" ], "unique" : false }, { "id" : "CVE-2025-6395", "title" : "Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6395" ], "unique" : false }, { "id" : "CVE-2023-5981", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5981" ], "unique" : false }, { "id" : "CVE-2024-12243", "title" : "Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12243" ], "unique" : false }, { "id" : "CVE-2024-28834", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28834" ], "unique" : false }, { "id" : "CVE-2025-14831", "title" : "Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14831" ], "unique" : false }, { "id" : "CVE-2025-32989", "title" : "Gnutls: vulnerability in gnutls sct extension parsing", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32989" ], "unique" : false }, { "id" : "CVE-2024-28835", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28835" ], "unique" : false }, { "id" : "CVE-2025-9820", "title" : "Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9820" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libgcrypt-1.10.0-10.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false }, { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false }, { "id" : "CVE-2026-41990", "title" : "Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-41990" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap-compat@2.6.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=openldap-2.6.2-3.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=openldap-2.6.2-3.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm-sign-libs@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm-libs@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm-build-libs@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-rpm@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/tpm2-tss@3.0.3-8.el9?arch=x86_64&distro=rhel-9.2&upstream=tpm2-tss-3.0.3-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-22745", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22745" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-22745", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22745" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgomp@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-pip-21.2.3-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/file-libs@5.39-12.el9?arch=x86_64&distro=rhel-9.2&upstream=file-5.39-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-48554", "title" : "File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48554" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-48554", "title" : "File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48554" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64&distro=rhel-9.2&epoch=2&upstream=shadow-utils-4.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false }, { "id" : "CVE-2024-56433", "title" : "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "source" : "redhat-csaf", "cvssScore" : 3.6, "severity" : "LOW", "cves" : [ "CVE-2024-56433" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64&distro=rhel-9.2&upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-3899", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-3899" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libxml2-2.9.13-3.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false }, { "id" : "CVE-2025-49794", "title" : "Libxml: heap use after free (uaf) leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49794" ], "unique" : false }, { "id" : "CVE-2025-49796", "title" : "Libxml: type confusion leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49796" ], "unique" : false }, { "id" : "CVE-2024-56171", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-56171" ], "unique" : false }, { "id" : "CVE-2025-24928", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24928" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2024-25062", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-25062" ], "unique" : false }, { "id" : "CVE-2025-32415", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-32415" ], "unique" : false }, { "id" : "CVE-2025-49795", "title" : "Libxml: null pointer dereference leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49795" ], "unique" : false }, { "id" : "CVE-2025-6021", "title" : "Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6021" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2023-39615", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39615" ], "unique" : false }, { "id" : "CVE-2026-6732", "title" : "Libxml2: libxml2: denial of service via crafted xsd-validated document", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-6732" ], "unique" : false }, { "id" : "CVE-2025-9714", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9714" ], "unique" : false }, { "id" : "CVE-2026-1757", "title" : "Libxml2: memory leak leading to local denial of service in xmllint interactive shell", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1757" ], "unique" : false }, { "id" : "CVE-2022-49043", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49043" ], "unique" : false }, { "id" : "CVE-2023-28484", "title" : "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28484" ], "unique" : false }, { "id" : "CVE-2023-29469", "title" : "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29469" ], "unique" : false }, { "id" : "CVE-2026-0990", "title" : "Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0990" ], "unique" : false }, { "id" : "CVE-2025-32414", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32414" ], "unique" : false }, { "id" : "CVE-2025-26434", "title" : "In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-26434" ], "unique" : false }, { "id" : "CVE-2026-0989", "title" : "Libxml2: unbounded relaxng include recursion leading to stack overflow", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0989" ], "unique" : false }, { "id" : "CVE-2026-0992", "title" : "Libxml2: libxml2: denial of service via crafted xml catalogs", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-0992" ], "unique" : false }, { "id" : "CVE-2025-6170", "title" : "Libxml2: stack buffer overflow in xmllint interactive shell command handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-6170" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-setuptools-53.0.0-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2026-5713", "title" : "Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5713" ], "unique" : false }, { "id" : "CVE-2025-13837", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13837" ], "unique" : false }, { "id" : "CVE-2026-4224", "title" : "Stack overflow parsing XML with deeply nested DTD content models", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4224" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2026-3644", "title" : "Incomplete control character validation in http.cookies", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3644" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2025-12781", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-12781" ], "unique" : false }, { "id" : "CVE-2026-3446", "title" : "Base64 decoding stops at first padded quad by default", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3446" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2025-15282", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15282" ], "unique" : false }, { "id" : "CVE-2025-11468", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11468" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2026-1502", "title" : "HTTP client proxy tunnel headers not validated for CR/LF", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1502" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2026-2297", "title" : "SourcelessFileLoader does not use io.open_code()", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-2297" ], "unique" : false }, { "id" : "CVE-2026-3479", "title" : "pkgutil.get_data() does not enforce documented restrictions", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-3479" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false }, { "id" : "CVE-2025-13462", "title" : "tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-13462" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64&distro=rhel-9.2&upstream=gnupg2-2.3.3-2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2026-24882", "source" : "redhat-csaf", "cvssScore" : 8.4, "severity" : "HIGH", "cves" : [ "CVE-2026-24882" ], "unique" : false }, { "id" : "CVE-2025-68973", "title" : "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-68973" ], "unique" : false }, { "id" : "CVE-2025-68972", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68972" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-24882", "source" : "redhat-csaf", "cvssScore" : 8.4, "severity" : "HIGH", "cves" : [ "CVE-2026-24882" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9_2.1.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27535", "title" : "An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27535" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-cloud-what@1.29.33.1-1.el9_2?arch=x86_64&distro=rhel-9.2&upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-3899", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-3899" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-3899", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-3899" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64&distro=rhel-9.2&upstream=libarchive-3.5.3-4.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-5914", "title" : "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-5914" ], "unique" : false }, { "id" : "CVE-2026-4111", "title" : "Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-4111" ], "unique" : false }, { "id" : "CVE-2026-4424", "title" : "Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-4424" ], "unique" : false }, { "id" : "CVE-2026-5121", "title" : "Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-5121" ], "unique" : false }, { "id" : "CVE-2025-60753", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-60753" ], "unique" : false }, { "id" : "CVE-2024-57970", "title" : "libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-57970" ], "unique" : false }, { "id" : "CVE-2025-25724", "title" : "list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-25724" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-5914", "title" : "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-5914" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64&distro=rhel-9.2&upstream=nghttp2-1.43.0-5.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64&distro=rhel-9.2&upstream=gnutls-3.7.6-20.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false }, { "id" : "CVE-2024-0567", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0567" ], "unique" : false }, { "id" : "CVE-2025-32988", "title" : "Gnutls: vulnerability in gnutls othername san export", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32988" ], "unique" : false }, { "id" : "CVE-2025-32990", "title" : "Gnutls: vulnerability in gnutls certtool template parsing", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32990" ], "unique" : false }, { "id" : "CVE-2025-6395", "title" : "Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6395" ], "unique" : false }, { "id" : "CVE-2023-5981", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5981" ], "unique" : false }, { "id" : "CVE-2024-12243", "title" : "Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12243" ], "unique" : false }, { "id" : "CVE-2024-28834", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28834" ], "unique" : false }, { "id" : "CVE-2025-14831", "title" : "Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14831" ], "unique" : false }, { "id" : "CVE-2025-32989", "title" : "Gnutls: vulnerability in gnutls sct extension parsing", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32989" ], "unique" : false }, { "id" : "CVE-2024-28835", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28835" ], "unique" : false }, { "id" : "CVE-2025-9820", "title" : "Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9820" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libgcrypt-1.10.0-10.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false }, { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false }, { "id" : "CVE-2026-41990", "title" : "Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-41990" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap-compat@2.6.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=openldap-2.6.2-3.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=openldap-2.6.2-3.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dmidecode@3.3-7.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=dmidecode-3.3-7.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-30630", "title" : "Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. NOTE: Some third parties have indicated the fix in 3.5 does not adequately address the vulnerability. The argument is that the proposed patch prevents dmidecode from writing to an existing file. However, there are multiple attack vectors that would not require overwriting an existing file that would provide the same level of unauthorized privilege escalation (e.g. creating a new file in /etc/cron.hourly).", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-30630" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-30630", "title" : "Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. NOTE: Some third parties have indicated the fix in 3.5 does not adequately address the vulnerability. The argument is that the proposed patch prevents dmidecode from writing to an existing file. However, there are multiple attack vectors that would not require overwriting an existing file that would provide the same level of unauthorized privilege escalation (e.g. creating a new file in /etc/cron.hourly).", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-30630" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm-sign-libs@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm-libs@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm-build-libs@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-rpm@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/tpm2-tss@3.0.3-8.el9?arch=x86_64&distro=rhel-9.2&upstream=tpm2-tss-3.0.3-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-22745", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22745" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-22745", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22745" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-requests@2.25.1-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-requests-2.25.1-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-32681", "title" : "Unintended leak of Proxy-Authorization header in requests", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32681" ], "unique" : false }, { "id" : "CVE-2024-35195", "title" : "Requests `Session` object does not verify requests after making first request with verify=False", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35195" ], "unique" : false }, { "id" : "CVE-2024-47081", "title" : "Requests vulnerable to .netrc credentials leak via malicious URLs", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-47081" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-32681", "title" : "Unintended leak of Proxy-Authorization header in requests", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32681" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgomp@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-pip-21.2.3-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/file-libs@5.39-12.el9?arch=x86_64&distro=rhel-9.2&upstream=file-5.39-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-48554", "title" : "File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48554" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-48554", "title" : "File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48554" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64&distro=rhel-9.2&epoch=2&upstream=shadow-utils-4.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false }, { "id" : "CVE-2024-56433", "title" : "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "source" : "redhat-csaf", "cvssScore" : 3.6, "severity" : "LOW", "cves" : [ "CVE-2024-56433" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-devel@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/kernel-headers@5.14.0-284.11.1.el9_2?arch=x86_64&distro=rhel-9.2&upstream=kernel-5.14.0-284.11.1.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-44466", "title" : "An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-44466" ], "unique" : false }, { "id" : "CVE-2024-5154", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-5154" ], "unique" : false }, { "id" : "CVE-2025-21927", "title" : "nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()", "source" : "redhat-csaf", "cvssScore" : 8.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21927" ], "unique" : false }, { "id" : "CVE-2023-1652", "title" : "A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. This issue could allow a local attacker to crash the system or it may lead to a kernel information leak problem.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-1652" ], "unique" : false }, { "id" : "CVE-2023-52922", "title" : "can: bcm: Fix UAF in bcm_proc_show()", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-52922" ], "unique" : false }, { "id" : "CVE-2024-36971", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2024-36971" ], "unique" : false }, { "id" : "CVE-2025-21756", "title" : "vsock: Keep the binding until socket destruction", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-21756" ], "unique" : false }, { "id" : "CVE-2025-22020", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-22020" ], "unique" : false }, { "id" : "CVE-2025-38052", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-38052" ], "unique" : false }, { "id" : "CVE-2025-38087", "title" : "net/sched: fix use-after-free in taprio_dev_notifier", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-38087" ], "unique" : false }, { "id" : "CVE-2022-41723", "title" : "Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-41723" ], "unique" : false }, { "id" : "CVE-2025-38471", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-38471" ], "unique" : false }, { "id" : "CVE-2024-42284", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-42284" ], "unique" : false }, { "id" : "CVE-2024-53104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-53104" ], "unique" : false }, { "id" : "CVE-2025-37750", "title" : "smb: client: fix UAF in decryption with multichannel", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-37750" ], "unique" : false }, { "id" : "CVE-2025-38250", "title" : "Bluetooth: hci_core: Fix use-after-free in vhci_flush()", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-38250" ], "unique" : false }, { "id" : "CVE-2022-49846", "title" : "udf: Fix a slab-out-of-bounds write bug in udf_find_entry()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2022-49846" ], "unique" : false }, { "id" : "CVE-2023-52933", "title" : "Squashfs: fix handling and sanity checking of xattr_ids count", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-52933" ], "unique" : false }, { "id" : "CVE-2023-53751", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-53751" ], "unique" : false }, { "id" : "CVE-2023-6606", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-6606" ], "unique" : false }, { "id" : "CVE-2023-6610", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-6610" ], "unique" : false }, { "id" : "CVE-2024-35937", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2024-35937" ], "unique" : false }, { "id" : "CVE-2024-38538", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2024-38538" ], "unique" : false }, { "id" : "CVE-2024-53150", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2024-53150" ], "unique" : false }, { "id" : "CVE-2024-57947", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2024-57947" ], "unique" : false }, { "id" : "CVE-2025-21887", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21887" ], "unique" : false }, { "id" : "CVE-2025-21893", "title" : "keys: Fix UAF in key_put()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21893" ], "unique" : false }, { "id" : "CVE-2025-21920", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21920" ], "unique" : false }, { "id" : "CVE-2025-21969", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21969" ], "unique" : false }, { "id" : "CVE-2025-21979", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21979" ], "unique" : false }, { "id" : "CVE-2025-21993", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21993" ], "unique" : false }, { "id" : "CVE-2025-21997", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21997" ], "unique" : false }, { "id" : "CVE-2025-22026", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-22026" ], "unique" : false }, { "id" : "CVE-2025-22055", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-22055" ], "unique" : false }, { "id" : "CVE-2025-22058", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-22058" ], "unique" : false }, { "id" : "CVE-2025-22104", "title" : "ibmvnic: Use kernel helpers for hex dumps", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-22104" ], "unique" : false }, { "id" : "CVE-2025-22113", "title" : "ext4: avoid journaling sb update on error if journal is destroying", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-22113" ], "unique" : false }, { "id" : "CVE-2025-22121", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-22121" ], "unique" : false }, { "id" : "CVE-2025-37738", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-37738" ], "unique" : false }, { "id" : "CVE-2025-37799", "title" : "vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-37799" ], "unique" : false }, { "id" : "CVE-2025-38264", "title" : "nvme-tcp: sanitize request list handling", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-38264" ], "unique" : false }, { "id" : "CVE-2022-49977", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-49977" ], "unique" : false }, { "id" : "CVE-2022-50066", "title" : "net: atlantic: fix aq_vec index out of range error", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-50066" ], "unique" : false }, { "id" : "CVE-2023-53047", "title" : "tee: amdtee: fix race condition in amdtee_open_session", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-53047" ], "unique" : false }, { "id" : "CVE-2023-53107", "title" : "veth: Fix use after free in XDP_REDIRECT", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-53107" ], "unique" : false }, { "id" : "CVE-2023-6932", "title" : "Use-after-free in Linux kernel's ipv4: igmp component", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-6932" ], "unique" : false }, { "id" : "CVE-2024-0646", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-0646" ], "unique" : false }, { "id" : "CVE-2024-46858", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-46858" ], "unique" : false }, { "id" : "CVE-2024-50154", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-50154" ], "unique" : false }, { "id" : "CVE-2024-53141", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-53141" ], "unique" : false }, { "id" : "CVE-2025-21727", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21727" ], "unique" : false }, { "id" : "CVE-2025-21764", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21764" ], "unique" : false }, { "id" : "CVE-2025-21867", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21867" ], "unique" : false }, { "id" : "CVE-2025-21919", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21919" ], "unique" : false }, { "id" : "CVE-2025-21926", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21926" ], "unique" : false }, { "id" : "CVE-2025-21966", "title" : "dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21966" ], "unique" : false }, { "id" : "CVE-2025-22004", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-22004" ], "unique" : false }, { "id" : "CVE-2025-22126", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-22126" ], "unique" : false }, { "id" : "CVE-2025-37797", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-37797" ], "unique" : false }, { "id" : "CVE-2025-37803", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-37803" ], "unique" : false }, { "id" : "CVE-2025-37890", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-37890" ], "unique" : false }, { "id" : "CVE-2025-37914", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-37914" ], "unique" : false }, { "id" : "CVE-2025-37943", "title" : "wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-37943" ], "unique" : false }, { "id" : "CVE-2025-38079", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-38079" ], "unique" : false }, { "id" : "CVE-2025-38086", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-38086" ], "unique" : false }, { "id" : "CVE-2025-38124", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-38124" ], "unique" : false }, { "id" : "CVE-2025-38177", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-38177" ], "unique" : false }, { "id" : "CVE-2025-38200", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-38200" ], "unique" : false }, { "id" : "CVE-2025-38332", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-38332" ], "unique" : false }, { "id" : "CVE-2022-50616", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-50616" ], "unique" : false }, { "id" : "CVE-2024-56614", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-56614" ], "unique" : false }, { "id" : "CVE-2024-56615", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-56615" ], "unique" : false }, { "id" : "CVE-2025-21883", "title" : "ice: Fix deinitializing VF in error path", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21883" ], "unique" : false }, { "id" : "CVE-2025-21928", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21928" ], "unique" : false }, { "id" : "CVE-2025-21929", "title" : "HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21929" ], "unique" : false }, { "id" : "CVE-2025-21991", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21991" ], "unique" : false }, { "id" : "CVE-2025-22085", "title" : "RDMA/core: Fix use-after-free when rename device name", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-22085" ], "unique" : false }, { "id" : "CVE-2021-47383", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2021-47383" ], "unique" : false }, { "id" : "CVE-2025-21759", "title" : "ipv6: mcast: extend RCU protection in igmp6_send()", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21759" ], "unique" : false }, { "id" : "CVE-2023-28746", "title" : "Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28746" ], "unique" : false }, { "id" : "CVE-2023-6356", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6356" ], "unique" : false }, { "id" : "CVE-2023-6535", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6535" ], "unique" : false }, { "id" : "CVE-2023-6536", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6536" ], "unique" : false }, { "id" : "CVE-2024-21823", "title" : "Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable escalation of privilege local access", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-21823" ], "unique" : false }, { "id" : "CVE-2025-21999", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21999" ], "unique" : false }, { "id" : "CVE-2025-38350", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-38350" ], "unique" : false }, { "id" : "CVE-2024-46695", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-46695" ], "unique" : false }, { "id" : "CVE-2024-50275", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50275" ], "unique" : false }, { "id" : "CVE-2024-42292", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2024-42292" ], "unique" : false }, { "id" : "CVE-2024-50302", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50302" ], "unique" : false }, { "id" : "CVE-2022-49395", "title" : "um: Fix out-of-bounds read in LDT setup", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49395" ], "unique" : false }, { "id" : "CVE-2023-5090", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5090" ], "unique" : false }, { "id" : "CVE-2024-26664", "title" : "hwmon: (coretemp) Fix out-of-bounds memory access", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26664" ], "unique" : false }, { "id" : "CVE-2024-50264", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50264" ], "unique" : false }, { "id" : "CVE-2025-38110", "title" : "net/mdiobus: Fix potential out-of-bounds clause 45 read/write access", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-38110" ], "unique" : false }, { "id" : "CVE-2024-53122", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-53122" ], "unique" : false }, { "id" : "CVE-2024-53197", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-53197" ], "unique" : false }, { "id" : "CVE-2024-36941", "title" : "wifi: nl80211: don't free NULL coalescing rule", "source" : "redhat-csaf", "cvssScore" : 5.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-36941" ], "unique" : false }, { "id" : "CVE-2024-38627", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38627" ], "unique" : false }, { "id" : "CVE-2022-50042", "title" : "net: genl: fix error path memory leak in policy dumping", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-50042" ], "unique" : false }, { "id" : "CVE-2023-1074", "title" : "A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1074" ], "unique" : false }, { "id" : "CVE-2023-45862", "title" : "An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-45862" ], "unique" : false }, { "id" : "CVE-2023-52490", "title" : "mm: migrate: fix getting incorrect page mapping during page migration", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-52490" ], "unique" : false }, { "id" : "CVE-2023-52658", "title" : "Revert \"net/mlx5: Block entering switchdev mode with ns inconsistency\"", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-52658" ], "unique" : false }, { "id" : "CVE-2023-53597", "title" : "cifs: fix mid leak during reconnection after timeout threshold", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-53597" ], "unique" : false }, { "id" : "CVE-2023-53704", "title" : "clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe()", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-53704" ], "unique" : false }, { "id" : "CVE-2023-54004", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-54004" ], "unique" : false }, { "id" : "CVE-2023-54093", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-54093" ], "unique" : false }, { "id" : "CVE-2023-54271", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-54271" ], "unique" : false }, { "id" : "CVE-2023-7192", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7192" ], "unique" : false }, { "id" : "CVE-2024-0443", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0443" ], "unique" : false }, { "id" : "CVE-2024-26615", "title" : "net/smc: fix illegal rmb_desc access in SMC-D connection dump", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26615" ], "unique" : false }, { "id" : "CVE-2024-26878", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26878" ], "unique" : false }, { "id" : "CVE-2024-27046", "title" : "nfp: flower: handle acti_netdevs allocation failure", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-27046" ], "unique" : false }, { "id" : "CVE-2024-27052", "title" : "wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-27052" ], "unique" : false }, { "id" : "CVE-2024-35789", "title" : "wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35789" ], "unique" : false }, { "id" : "CVE-2024-35852", "title" : "mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35852" ], "unique" : false }, { "id" : "CVE-2024-35890", "title" : "gro: fix ownership transfer", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35890" ], "unique" : false }, { "id" : "CVE-2024-35907", "title" : "mlxbf_gige: call request_irq() after NAPI initialized", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35907" ], "unique" : false }, { "id" : "CVE-2024-35952", "title" : "drm/ast: Fix soft lockup", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35952" ], "unique" : false }, { "id" : "CVE-2024-35989", "title" : "dmaengine: idxd: Fix oops during rmmod on single-CPU platforms", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35989" ], "unique" : false }, { "id" : "CVE-2024-39483", "title" : "KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-39483" ], "unique" : false }, { "id" : "CVE-2024-40959", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-40959" ], "unique" : false }, { "id" : "CVE-2024-41035", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-41035" ], "unique" : false }, { "id" : "CVE-2024-41064", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-41064" ], "unique" : false }, { "id" : "CVE-2024-42079", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-42079" ], "unique" : false }, { "id" : "CVE-2024-42272", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-42272" ], "unique" : false }, { "id" : "CVE-2024-42283", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-42283" ], "unique" : false }, { "id" : "CVE-2024-42322", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-42322" ], "unique" : false }, { "id" : "CVE-2024-43854", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-43854" ], "unique" : false }, { "id" : "CVE-2024-44990", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-44990" ], "unique" : false }, { "id" : "CVE-2024-44994", "title" : "iommu: Restore lost return in iommu_report_device_fault()", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-44994" ], "unique" : false }, { "id" : "CVE-2024-45018", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45018" ], "unique" : false }, { "id" : "CVE-2024-46713", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-46713" ], "unique" : false }, { "id" : "CVE-2024-46824", "title" : "iommufd: Require drivers to supply the cache_invalidate_user ops", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-46824" ], "unique" : false }, { "id" : "CVE-2024-49949", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-49949" ], "unique" : false }, { "id" : "CVE-2024-50208", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50208" ], "unique" : false }, { "id" : "CVE-2024-50251", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50251" ], "unique" : false }, { "id" : "CVE-2024-50252", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50252" ], "unique" : false }, { "id" : "CVE-2024-53113", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-53113" ], "unique" : false }, { "id" : "CVE-2025-21669", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21669" ], "unique" : false }, { "id" : "CVE-2025-21962", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21962" ], "unique" : false }, { "id" : "CVE-2025-21963", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21963" ], "unique" : false }, { "id" : "CVE-2025-21964", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21964" ], "unique" : false }, { "id" : "CVE-2025-37785", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-37785" ], "unique" : false }, { "id" : "CVE-2025-38234", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-38234" ], "unique" : false }, { "id" : "CVE-2023-52448", "title" : "gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-52448" ], "unique" : false }, { "id" : "CVE-2023-53755", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-53755" ], "unique" : false }, { "id" : "CVE-2024-47745", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-47745" ], "unique" : false }, { "id" : "CVE-2024-53088", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-53088" ], "unique" : false }, { "id" : "CVE-2025-21961", "title" : "eth: bnxt: fix truesize for mb-xdp-pass case", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21961" ], "unique" : false }, { "id" : "CVE-2025-22036", "title" : "exfat: fix random stack corruption after get_block", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-22036" ], "unique" : false }, { "id" : "CVE-2025-38417", "title" : "ice: fix eswitch code memory leak in reset scenario", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-38417" ], "unique" : false }, { "id" : "CVE-2023-52771", "title" : "cxl/port: Fix delete_endpoint() vs parent unregistration race", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2023-52771" ], "unique" : false }, { "id" : "CVE-2023-52864", "title" : "platform/x86: wmi: Fix opening of char device", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2023-52864" ], "unique" : false }, { "id" : "CVE-2024-26855", "title" : "net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26855" ], "unique" : false }, { "id" : "CVE-2024-35845", "title" : "wifi: iwlwifi: dbg-tlv: ensure NUL termination", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35845" ], "unique" : false }, { "id" : "CVE-2024-36922", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-36922" ], "unique" : false }, { "id" : "CVE-2024-38555", "title" : "net/mlx5: Discard command completions in internal error", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38555" ], "unique" : false }, { "id" : "CVE-2024-38556", "title" : "net/mlx5: Add a timeout to acquire the command queue semaphore", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38556" ], "unique" : false }, { "id" : "CVE-2024-43855", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-43855" ], "unique" : false }, { "id" : "CVE-2024-46826", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-46826" ], "unique" : false }, { "id" : "CVE-2024-26897", "title" : "wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete", "source" : "redhat-csaf", "cvssScore" : 4.1, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26897" ], "unique" : false }, { "id" : "CVE-2024-38586", "title" : "r8169: Fix possible ring buffer corruption on fragmented Tx packets.", "source" : "redhat-csaf", "cvssScore" : 4.1, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38586" ], "unique" : false }, { "id" : "CVE-2022-50846", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2022-50846" ], "unique" : false }, { "id" : "CVE-2023-53639", "title" : "wifi: ath6kl: reduce WARN to dev_dbg() in callback", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-53639" ], "unique" : false }, { "id" : "CVE-2023-54153", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-54153" ], "unique" : false }, { "id" : "CVE-2023-54267", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2023-54267" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-44466", "title" : "An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-44466" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9_2.1.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64&distro=rhel-9.2&upstream=nghttp2-1.43.0-5.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B-devel@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/cpp@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgomp@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64&distro=rhel-9.2&upstream=binutils-2.35.2-37.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-4285", "title" : "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4285" ], "unique" : false }, { "id" : "CVE-2025-11082", "title" : "GNU Binutils Linker elf-eh-frame.c _bfd_elf_parse_eh_frame heap-based overflow", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11082" ], "unique" : false }, { "id" : "CVE-2025-11083", "title" : "GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11083" ], "unique" : false }, { "id" : "CVE-2025-5244", "title" : "GNU Binutils ld elflink.c elf_gc_sweep memory corruption", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5244" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-4285", "title" : "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4285" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/binutils@2.35.2-37.el9?arch=x86_64&distro=rhel-9.2&upstream=binutils-2.35.2-37.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-4285", "title" : "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4285" ], "unique" : false }, { "id" : "CVE-2025-11081", "title" : "GNU Binutils objdump.c dump_dwarf_section out-of-bounds", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11081" ], "unique" : false }, { "id" : "CVE-2025-11082", "title" : "GNU Binutils Linker elf-eh-frame.c _bfd_elf_parse_eh_frame heap-based overflow", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11082" ], "unique" : false }, { "id" : "CVE-2025-11083", "title" : "GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11083" ], "unique" : false }, { "id" : "CVE-2025-11413", "title" : "GNU Binutils Linker elflink.c elf_link_add_object_symbols out-of-bounds", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11413" ], "unique" : false }, { "id" : "CVE-2025-5244", "title" : "GNU Binutils ld elflink.c elf_gc_sweep memory corruption", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5244" ], "unique" : false }, { "id" : "CVE-2025-11412", "title" : "GNU Binutils Linker elflink.c bfd_elf_gc_record_vtentry out-of-bounds", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-11412" ], "unique" : false }, { "id" : "CVE-2025-11414", "title" : "GNU Binutils Linker elflink.c get_link_hash_entry out-of-bounds", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-11414" ], "unique" : false }, { "id" : "CVE-2025-11494", "title" : "GNU Binutils Linker elfxx-x86.c _bfd_x86_elf_late_size_sections out-of-bounds", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-11494" ], "unique" : false }, { "id" : "CVE-2025-11495", "title" : "GNU Binutils Linker elf64-x86-64.c elf_x86_64_relocate_section heap-based overflow", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-11495" ], "unique" : false }, { "id" : "CVE-2025-11839", "title" : "GNU Binutils prdbg.c tg_tag_type return value", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-11839" ], "unique" : false }, { "id" : "CVE-2025-11840", "title" : "GNU Binutils ldmisc.c vfinfo out-of-bounds", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-11840" ], "unique" : false }, { "id" : "CVE-2025-66861", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-66861" ], "unique" : false }, { "id" : "CVE-2025-66862", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-66862" ], "unique" : false }, { "id" : "CVE-2025-66863", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-66863" ], "unique" : false }, { "id" : "CVE-2025-66864", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-66864" ], "unique" : false }, { "id" : "CVE-2025-66865", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-66865" ], "unique" : false }, { "id" : "CVE-2025-66866", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-66866" ], "unique" : false }, { "id" : "CVE-2025-69647", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-69647" ], "unique" : false }, { "id" : "CVE-2025-69648", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-69648" ], "unique" : false }, { "id" : "CVE-2025-69649", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-69649" ], "unique" : false }, { "id" : "CVE-2025-69650", "title" : "GNU Binutils thru 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dump_relocations may return early without initializing the all_relocations array. As a result, process_got_section_contents() may pass an uninitialized r_symbol pointer to free(), leading to a double free and terminating the program with SIGABRT. No evidence of exploitable memory corruption or code execution was observed; the impact is limited to denial of service. NOTE: this is disputed by third parties because the observed behavior occurred only in pre-release code and did not affect any tagged version.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-69650" ], "unique" : false }, { "id" : "CVE-2025-69652", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-69652" ], "unique" : false }, { "id" : "CVE-2025-69645", "source" : "redhat-csaf", "cvssScore" : 2.8, "severity" : "LOW", "cves" : [ "CVE-2025-69645" ], "unique" : false }, { "id" : "CVE-2025-69646", "source" : "redhat-csaf", "cvssScore" : 2.8, "severity" : "LOW", "cves" : [ "CVE-2025-69646" ], "unique" : false }, { "id" : "CVE-2025-69651", "title" : "GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations returns early due to parsing errors, the internal all_relocations array may remain partially uninitialized. Later, process_got_section_contents() may attempt to free an invalid r_symbol pointer, triggering memory corruption checks in glibc and causing the program to terminate with SIGABRT. No evidence of further memory corruption or code execution was observed; the impact is limited to denial of service. NOTE: this is disputed by third parties because the observed behavior occurred only in pre-release code and did not affect any tagged version.", "source" : "redhat-csaf", "cvssScore" : 2.8, "severity" : "LOW", "cves" : [ "CVE-2025-69651" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-4285", "title" : "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4285" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=gd-2.3.2-3.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libwebp-devel@1.2.0-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libwebp-1.2.0-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-4863", "title" : "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)", "source" : "redhat-csaf", "cvssScore" : 9.6, "severity" : "CRITICAL", "cves" : [ "CVE-2023-4863" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-4863", "title" : "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)", "source" : "redhat-csaf", "cvssScore" : 9.6, "severity" : "CRITICAL", "cves" : [ "CVE-2023-4863" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libwebp@1.2.0-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libwebp-1.2.0-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-4863", "title" : "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)", "source" : "redhat-csaf", "cvssScore" : 9.6, "severity" : "CRITICAL", "cves" : [ "CVE-2023-4863" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-4863", "title" : "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)", "source" : "redhat-csaf", "cvssScore" : 9.6, "severity" : "CRITICAL", "cves" : [ "CVE-2023-4863" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libxml2-2.9.13-3.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false }, { "id" : "CVE-2025-49794", "title" : "Libxml: heap use after free (uaf) leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49794" ], "unique" : false }, { "id" : "CVE-2025-49796", "title" : "Libxml: type confusion leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49796" ], "unique" : false }, { "id" : "CVE-2024-56171", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-56171" ], "unique" : false }, { "id" : "CVE-2025-24928", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24928" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2024-25062", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-25062" ], "unique" : false }, { "id" : "CVE-2025-32415", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-32415" ], "unique" : false }, { "id" : "CVE-2025-49795", "title" : "Libxml: null pointer dereference leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49795" ], "unique" : false }, { "id" : "CVE-2025-6021", "title" : "Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6021" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2023-39615", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39615" ], "unique" : false }, { "id" : "CVE-2026-6732", "title" : "Libxml2: libxml2: denial of service via crafted xsd-validated document", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-6732" ], "unique" : false }, { "id" : "CVE-2025-9714", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9714" ], "unique" : false }, { "id" : "CVE-2026-1757", "title" : "Libxml2: memory leak leading to local denial of service in xmllint interactive shell", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1757" ], "unique" : false }, { "id" : "CVE-2022-49043", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49043" ], "unique" : false }, { "id" : "CVE-2023-28484", "title" : "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28484" ], "unique" : false }, { "id" : "CVE-2023-29469", "title" : "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29469" ], "unique" : false }, { "id" : "CVE-2026-0990", "title" : "Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0990" ], "unique" : false }, { "id" : "CVE-2025-32414", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32414" ], "unique" : false }, { "id" : "CVE-2025-26434", "title" : "In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-26434" ], "unique" : false }, { "id" : "CVE-2026-0989", "title" : "Libxml2: unbounded relaxng include recursion leading to stack overflow", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0989" ], "unique" : false }, { "id" : "CVE-2026-0992", "title" : "Libxml2: libxml2: denial of service via crafted xml catalogs", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-0992" ], "unique" : false }, { "id" : "CVE-2025-6170", "title" : "Libxml2: stack buffer overflow in xmllint interactive shell command handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-6170" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libxml2-2.9.13-3.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false }, { "id" : "CVE-2025-49794", "title" : "Libxml: heap use after free (uaf) leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49794" ], "unique" : false }, { "id" : "CVE-2025-49796", "title" : "Libxml: type confusion leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49796" ], "unique" : false }, { "id" : "CVE-2024-56171", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-56171" ], "unique" : false }, { "id" : "CVE-2025-24928", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24928" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2024-25062", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-25062" ], "unique" : false }, { "id" : "CVE-2025-32415", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-32415" ], "unique" : false }, { "id" : "CVE-2025-49795", "title" : "Libxml: null pointer dereference leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49795" ], "unique" : false }, { "id" : "CVE-2025-6021", "title" : "Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6021" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2023-39615", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39615" ], "unique" : false }, { "id" : "CVE-2025-9714", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9714" ], "unique" : false }, { "id" : "CVE-2022-49043", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49043" ], "unique" : false }, { "id" : "CVE-2023-28484", "title" : "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28484" ], "unique" : false }, { "id" : "CVE-2023-29469", "title" : "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29469" ], "unique" : false }, { "id" : "CVE-2025-32414", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32414" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-setuptools-53.0.0-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtiff-devel@4.4.0-7.el9?arch=x86_64&distro=rhel-9.2&upstream=libtiff-4.4.0-7.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-9900", "title" : "Libtiff: libtiff write-what-where", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2025-9900" ], "unique" : false }, { "id" : "CVE-2025-8176", "title" : "LibTIFF tiffmedian.c get_histogram use after free", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-8176" ], "unique" : false }, { "id" : "CVE-2026-4775", "title" : "Libtiff: libtiff: arbitrary code execution or denial of service via signed integer overflow in tiff file processing", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2026-4775" ], "unique" : false }, { "id" : "CVE-2017-17095", "title" : "tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2017-17095" ], "unique" : false }, { "id" : "CVE-2023-52355", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52355" ], "unique" : false }, { "id" : "CVE-2023-52356", "title" : "Libtiff: segment fault in libtiff in tiffreadrgbatileext() leading to denial of service", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52356" ], "unique" : false }, { "id" : "CVE-2024-7006", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-7006" ], "unique" : false }, { "id" : "CVE-2022-40090", "title" : "An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-40090" ], "unique" : false }, { "id" : "CVE-2023-3618", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3618" ], "unique" : false }, { "id" : "CVE-2023-40745", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-40745" ], "unique" : false }, { "id" : "CVE-2023-41175", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-41175" ], "unique" : false }, { "id" : "CVE-2023-0795", "title" : "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0795" ], "unique" : false }, { "id" : "CVE-2023-0796", "title" : "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0796" ], "unique" : false }, { "id" : "CVE-2023-0797", "title" : "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0797" ], "unique" : false }, { "id" : "CVE-2023-0798", "title" : "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0798" ], "unique" : false }, { "id" : "CVE-2023-0800", "title" : "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0800" ], "unique" : false }, { "id" : "CVE-2023-0801", "title" : "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0801" ], "unique" : false }, { "id" : "CVE-2023-0802", "title" : "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0802" ], "unique" : false }, { "id" : "CVE-2023-0803", "title" : "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0803" ], "unique" : false }, { "id" : "CVE-2023-0804", "title" : "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0804" ], "unique" : false }, { "id" : "CVE-2022-48281", "title" : "processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., \"WRITE of size 307203\") via a crafted TIFF image.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48281" ], "unique" : false }, { "id" : "CVE-2023-0799", "title" : "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0799" ], "unique" : false }, { "id" : "CVE-2023-26965", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-26965" ], "unique" : false }, { "id" : "CVE-2023-26966", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-26966" ], "unique" : false }, { "id" : "CVE-2023-2731", "title" : "A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2731" ], "unique" : false }, { "id" : "CVE-2023-3316", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3316" ], "unique" : false }, { "id" : "CVE-2023-3576", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3576" ], "unique" : false }, { "id" : "CVE-2023-6228", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-6228" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-9900", "title" : "Libtiff: libtiff write-what-where", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2025-9900" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/graphite2@1.3.14-9.el9?arch=x86_64&distro=rhel-9.2&upstream=graphite2-1.3.14-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2017-5436", "title" : "An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2017-5436" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2017-5436", "title" : "An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2017-5436" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtiff@4.4.0-7.el9?arch=x86_64&distro=rhel-9.2&upstream=libtiff-4.4.0-7.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-9900", "title" : "Libtiff: libtiff write-what-where", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2025-9900" ], "unique" : false }, { "id" : "CVE-2025-8176", "title" : "LibTIFF tiffmedian.c get_histogram use after free", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-8176" ], "unique" : false }, { "id" : "CVE-2026-4775", "title" : "Libtiff: libtiff: arbitrary code execution or denial of service via signed integer overflow in tiff file processing", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2026-4775" ], "unique" : false }, { "id" : "CVE-2017-17095", "title" : "tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2017-17095" ], "unique" : false }, { "id" : "CVE-2023-52355", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52355" ], "unique" : false }, { "id" : "CVE-2023-52356", "title" : "Libtiff: segment fault in libtiff in tiffreadrgbatileext() leading to denial of service", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52356" ], "unique" : false }, { "id" : "CVE-2024-7006", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-7006" ], "unique" : false }, { "id" : "CVE-2022-40090", "title" : "An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-40090" ], "unique" : false }, { "id" : "CVE-2023-3618", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3618" ], "unique" : false }, { "id" : "CVE-2023-40745", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-40745" ], "unique" : false }, { "id" : "CVE-2023-41175", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-41175" ], "unique" : false }, { "id" : "CVE-2023-0795", "title" : "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0795" ], "unique" : false }, { "id" : "CVE-2023-0796", "title" : "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0796" ], "unique" : false }, { "id" : "CVE-2023-0797", "title" : "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0797" ], "unique" : false }, { "id" : "CVE-2023-0798", "title" : "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0798" ], "unique" : false }, { "id" : "CVE-2023-0800", "title" : "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0800" ], "unique" : false }, { "id" : "CVE-2023-0801", "title" : "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0801" ], "unique" : false }, { "id" : "CVE-2023-0802", "title" : "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0802" ], "unique" : false }, { "id" : "CVE-2023-0803", "title" : "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0803" ], "unique" : false }, { "id" : "CVE-2023-0804", "title" : "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0804" ], "unique" : false }, { "id" : "CVE-2022-48281", "title" : "processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., \"WRITE of size 307203\") via a crafted TIFF image.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48281" ], "unique" : false }, { "id" : "CVE-2023-0799", "title" : "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0799" ], "unique" : false }, { "id" : "CVE-2023-26965", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-26965" ], "unique" : false }, { "id" : "CVE-2023-26966", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-26966" ], "unique" : false }, { "id" : "CVE-2023-2731", "title" : "A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2731" ], "unique" : false }, { "id" : "CVE-2023-3316", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3316" ], "unique" : false }, { "id" : "CVE-2023-3576", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3576" ], "unique" : false }, { "id" : "CVE-2025-61143", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-61143" ], "unique" : false }, { "id" : "CVE-2025-61144", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-61144" ], "unique" : false }, { "id" : "CVE-2025-61145", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-61145" ], "unique" : false }, { "id" : "CVE-2023-6228", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-6228" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-9900", "title" : "Libtiff: libtiff write-what-where", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2025-9900" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2026-5713", "title" : "Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5713" ], "unique" : false }, { "id" : "CVE-2025-13837", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13837" ], "unique" : false }, { "id" : "CVE-2026-4224", "title" : "Stack overflow parsing XML with deeply nested DTD content models", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4224" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2026-3644", "title" : "Incomplete control character validation in http.cookies", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3644" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2025-12781", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-12781" ], "unique" : false }, { "id" : "CVE-2026-3446", "title" : "Base64 decoding stops at first padded quad by default", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3446" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2025-15282", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15282" ], "unique" : false }, { "id" : "CVE-2025-11468", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11468" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2026-1502", "title" : "HTTP client proxy tunnel headers not validated for CR/LF", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1502" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2026-2297", "title" : "SourcelessFileLoader does not use io.open_code()", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-2297" ], "unique" : false }, { "id" : "CVE-2026-3479", "title" : "pkgutil.get_data() does not enforce documented restrictions", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-3479" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false }, { "id" : "CVE-2025-13462", "title" : "tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-13462" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/freetype@2.10.4-9.el9?arch=x86_64&distro=rhel-9.2&upstream=freetype-2.10.4-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-27363", "title" : "An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-27363" ], "unique" : false }, { "id" : "CVE-2026-23865", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-23865" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-27363", "title" : "An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-27363" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64&distro=rhel-9.2&upstream=freetype-2.10.4-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-27363", "title" : "An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-27363" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-27363", "title" : "An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-27363" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libX11-common@1.7.0-7.el9?arch=noarch&distro=rhel-9.2&upstream=libX11-1.7.0-7.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false }, { "id" : "CVE-2023-3138", "title" : "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-3138" ], "unique" : false }, { "id" : "CVE-2023-43785", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43785" ], "unique" : false }, { "id" : "CVE-2023-43786", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43786" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libX11-xcb@1.7.0-7.el9?arch=x86_64&distro=rhel-9.2&upstream=libX11-1.7.0-7.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false }, { "id" : "CVE-2023-3138", "title" : "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-3138" ], "unique" : false }, { "id" : "CVE-2023-43785", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43785" ], "unique" : false }, { "id" : "CVE-2023-43786", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43786" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libX11-devel@1.7.0-7.el9?arch=x86_64&distro=rhel-9.2&upstream=libX11-1.7.0-7.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false }, { "id" : "CVE-2023-3138", "title" : "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-3138" ], "unique" : false }, { "id" : "CVE-2023-43785", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43785" ], "unique" : false }, { "id" : "CVE-2023-43786", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43786" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libX11@1.7.0-7.el9?arch=x86_64&distro=rhel-9.2&upstream=libX11-1.7.0-7.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false }, { "id" : "CVE-2023-3138", "title" : "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-3138" ], "unique" : false }, { "id" : "CVE-2023-43785", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43785" ], "unique" : false }, { "id" : "CVE-2023-43786", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43786" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64&distro=rhel-9.2&upstream=glib2-2.68.4-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false }, { "id" : "CVE-2024-52533", "title" : "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\\0' character.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-52533" ], "unique" : false }, { "id" : "CVE-2023-32611", "title" : "G_variant_byteswap() can take a long time with some non-normal inputs", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32611" ], "unique" : false }, { "id" : "CVE-2023-32665", "title" : "Gvariant deserialisation does not match spec for non-normal data", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32665" ], "unique" : false }, { "id" : "CVE-2025-14512", "title" : "Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14512" ], "unique" : false }, { "id" : "CVE-2023-29499", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29499" ], "unique" : false }, { "id" : "CVE-2025-14087", "title" : "Glib: glib: buffer underflow in gvariant parser leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14087" ], "unique" : false }, { "id" : "CVE-2025-4373", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4373" ], "unique" : false }, { "id" : "CVE-2024-34397", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2024-34397" ], "unique" : false }, { "id" : "CVE-2025-7039", "title" : "Glib: buffer under-read on glib through glib/gfileutils.c via get_tmp_file()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2025-7039" ], "unique" : false }, { "id" : "CVE-2026-0988", "title" : "Glib: glib: denial of service via integer overflow in g_buffered_input_stream_peek()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0988" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glib2-devel@2.68.4-6.el9?arch=x86_64&distro=rhel-9.2&upstream=glib2-2.68.4-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false }, { "id" : "CVE-2024-52533", "title" : "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\\0' character.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-52533" ], "unique" : false }, { "id" : "CVE-2023-32611", "title" : "G_variant_byteswap() can take a long time with some non-normal inputs", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32611" ], "unique" : false }, { "id" : "CVE-2023-32665", "title" : "Gvariant deserialisation does not match spec for non-normal data", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32665" ], "unique" : false }, { "id" : "CVE-2023-29499", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29499" ], "unique" : false }, { "id" : "CVE-2025-4373", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4373" ], "unique" : false }, { "id" : "CVE-2024-34397", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2024-34397" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libpng@1.6.37-12.el9?arch=x86_64&distro=rhel-9.2&epoch=2&upstream=libpng-1.6.37-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-33636", "title" : "LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2026-33636" ], "unique" : false }, { "id" : "CVE-2026-33416", "title" : "LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-33416" ], "unique" : false }, { "id" : "CVE-2025-64720", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-64720" ], "unique" : false }, { "id" : "CVE-2025-65018", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-65018" ], "unique" : false }, { "id" : "CVE-2025-66293", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-66293" ], "unique" : false }, { "id" : "CVE-2026-25646", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2026-25646" ], "unique" : false }, { "id" : "CVE-2026-22801", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22801" ], "unique" : false }, { "id" : "CVE-2025-28162", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-28162" ], "unique" : false }, { "id" : "CVE-2025-64506", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-64506" ], "unique" : false }, { "id" : "CVE-2026-22695", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22695" ], "unique" : false }, { "id" : "CVE-2026-3713", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3713" ], "unique" : false }, { "id" : "CVE-2025-28164", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-28164" ], "unique" : false }, { "id" : "CVE-2025-64505", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-64505" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-33636", "title" : "LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2026-33636" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/brotli-devel@1.0.9-6.el9?arch=x86_64&distro=rhel-9.2&upstream=brotli-1.0.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/brotli@1.0.9-6.el9?arch=x86_64&distro=rhel-9.2&upstream=brotli-1.0.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/harfbuzz-devel@2.7.4-8.el9?arch=x86_64&distro=rhel-9.2&upstream=harfbuzz-2.7.4-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-25193", "title" : "hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-25193" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-25193", "title" : "hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-25193" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64&distro=rhel-9.2&upstream=gnutls-3.7.6-20.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false }, { "id" : "CVE-2024-0567", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0567" ], "unique" : false }, { "id" : "CVE-2025-32988", "title" : "Gnutls: vulnerability in gnutls othername san export", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32988" ], "unique" : false }, { "id" : "CVE-2025-32990", "title" : "Gnutls: vulnerability in gnutls certtool template parsing", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32990" ], "unique" : false }, { "id" : "CVE-2025-6395", "title" : "Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6395" ], "unique" : false }, { "id" : "CVE-2023-5981", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5981" ], "unique" : false }, { "id" : "CVE-2024-12243", "title" : "Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12243" ], "unique" : false }, { "id" : "CVE-2024-28834", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28834" ], "unique" : false }, { "id" : "CVE-2025-14831", "title" : "Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14831" ], "unique" : false }, { "id" : "CVE-2025-32989", "title" : "Gnutls: vulnerability in gnutls sct extension parsing", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32989" ], "unique" : false }, { "id" : "CVE-2024-28835", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28835" ], "unique" : false }, { "id" : "CVE-2025-9820", "title" : "Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9820" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libbrotli@1.0.9-6.el9?arch=x86_64&distro=rhel-9.2&upstream=brotli-1.0.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-devel@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/harfbuzz-icu@2.7.4-8.el9?arch=x86_64&distro=rhel-9.2&upstream=harfbuzz-2.7.4-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-25193", "title" : "hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-25193" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-25193", "title" : "hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-25193" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/harfbuzz@2.7.4-8.el9?arch=x86_64&distro=rhel-9.2&upstream=harfbuzz-2.7.4-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-25193", "title" : "hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-25193" ], "unique" : false }, { "id" : "CVE-2026-22693", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22693" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-25193", "title" : "hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-25193" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libjpeg-turbo-devel@2.0.90-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libjpeg-turbo-2.0.90-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2021-29390", "title" : "libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2021-29390" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-29390", "title" : "libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2021-29390" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9?arch=x86_64&distro=rhel-9.2&epoch=2&upstream=libpng-1.6.37-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-64720", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-64720" ], "unique" : false }, { "id" : "CVE-2025-65018", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-65018" ], "unique" : false }, { "id" : "CVE-2025-66293", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-66293" ], "unique" : false }, { "id" : "CVE-2026-25646", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2026-25646" ], "unique" : false }, { "id" : "CVE-2026-22801", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22801" ], "unique" : false }, { "id" : "CVE-2026-22695", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22695" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-64720", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-64720" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libjpeg-turbo@2.0.90-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libjpeg-turbo-2.0.90-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2021-29390", "title" : "libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2021-29390" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-29390", "title" : "libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2021-29390" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64&distro=rhel-9.2&upstream=icu-67.1-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-5222", "title" : "Icu: stack buffer overflow in the srbroot::addtag function", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-5222" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-5222", "title" : "Icu: stack buffer overflow in the srbroot::addtag function", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-5222" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libicu@67.1-9.el9?arch=x86_64&distro=rhel-9.2&upstream=icu-67.1-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-5222", "title" : "Icu: stack buffer overflow in the srbroot::addtag function", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-5222" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-5222", "title" : "Icu: stack buffer overflow in the srbroot::addtag function", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-5222" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pixman@0.40.0-5.el9?arch=x86_64&distro=rhel-9.2&upstream=pixman-0.40.0-5.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-44638", "title" : "In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-44638" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-44638", "title" : "In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-44638" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount-devel@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid-devel@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgomp@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libXpm@3.5.13-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libXpm-3.5.13-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-43788", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43788" ], "unique" : false }, { "id" : "CVE-2023-43789", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43789" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-43788", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43788" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-pip-21.2.3-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libXpm-3.5.13-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-43788", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43788" ], "unique" : false }, { "id" : "CVE-2023-43789", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43789" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-43788", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43788" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-devel@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64&distro=rhel-9.2&upstream=git-2.39.3-1.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2024-32002", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-32002" ], "unique" : false }, { "id" : "CVE-2025-48385", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2025-48385" ], "unique" : false }, { "id" : "CVE-2024-32004", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-32004" ], "unique" : false }, { "id" : "CVE-2025-48384", "source" : "redhat-csaf", "cvssScore" : 8.0, "severity" : "HIGH", "cves" : [ "CVE-2025-48384" ], "unique" : false }, { "id" : "CVE-2024-52005", "title" : "The sideband payload is passed unfiltered to the terminal in git", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-52005" ], "unique" : false }, { "id" : "CVE-2024-32465", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-32465" ], "unique" : false }, { "id" : "CVE-2025-27614", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-27614" ], "unique" : false }, { "id" : "CVE-2024-52006", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-52006" ], "unique" : false }, { "id" : "CVE-2025-27613", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-27613" ], "unique" : false }, { "id" : "CVE-2024-32020", "title" : "Cloning local Git repository by untrusted user allows the untrusted user to modify objects in the cloned repository at will", "source" : "redhat-csaf", "cvssScore" : 3.9, "severity" : "LOW", "cves" : [ "CVE-2024-32020" ], "unique" : false }, { "id" : "CVE-2024-32021", "source" : "redhat-csaf", "cvssScore" : 3.9, "severity" : "LOW", "cves" : [ "CVE-2024-32021" ], "unique" : false }, { "id" : "CVE-2024-50349", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2024-50349" ], "unique" : false }, { "id" : "CVE-2025-46835", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2025-46835" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64&distro=rhel-9.2&upstream=openssh-8.7p1-29.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-38408", "title" : "The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2023-38408" ], "unique" : false }, { "id" : "CVE-2026-3497", "title" : "Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange to the server, which will call the underlying function and continue the execution of the program without setting the related connection variables. As the variables are not initialized to NULL the code later accesses those uninitialized variables, accessing random memory, which could lead to undefined behavior. The recommended workaround is to use ssh_packet_disconnect() instead, which does terminate the process. The impact of the vulnerability depends heavily on the compiler flag hardening configuration.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2026-3497" ], "unique" : false }, { "id" : "CVE-2024-6387", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-6387" ], "unique" : false }, { "id" : "CVE-2026-35385", "title" : "In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-35385" ], "unique" : false }, { "id" : "CVE-2024-6409", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-6409" ], "unique" : false }, { "id" : "CVE-2025-26465", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-26465" ], "unique" : false }, { "id" : "CVE-2023-51385", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-51385" ], "unique" : false }, { "id" : "CVE-2023-48795", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-48795" ], "unique" : false }, { "id" : "CVE-2025-61984", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-61984" ], "unique" : false }, { "id" : "CVE-2025-61985", "title" : "ssh in OpenSSH before 10.1 allows the '\\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-61985" ], "unique" : false }, { "id" : "CVE-2026-35414", "title" : "OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2026-35414" ], "unique" : false }, { "id" : "CVE-2025-32728", "title" : "In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32728" ], "unique" : false }, { "id" : "CVE-2026-35386", "title" : "In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in ssh_config.", "source" : "redhat-csaf", "cvssScore" : 3.6, "severity" : "LOW", "cves" : [ "CVE-2026-35386" ], "unique" : false }, { "id" : "CVE-2026-35387", "title" : "OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2026-35387" ], "unique" : false }, { "id" : "CVE-2026-35388", "title" : "OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.", "source" : "redhat-csaf", "cvssScore" : 2.2, "severity" : "LOW", "cves" : [ "CVE-2026-35388" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-38408", "title" : "The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2023-38408" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2026-28390", "title" : "Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-28390" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2025-9231", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9231" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2026-28388", "title" : "NULL Pointer Dereference When Processing a Delta CRL", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28388" ], "unique" : false }, { "id" : "CVE-2026-28389", "title" : "Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28389" ], "unique" : false }, { "id" : "CVE-2026-31790", "title" : "Incorrect Failure Handling in RSA KEM RSASVE Encapsulation", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-31790" ], "unique" : false }, { "id" : "CVE-2026-31789", "title" : "Heap Buffer Overflow in Hexadecimal Conversion", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2026-31789" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2026-28386", "title" : "Out-of-bounds Read in AES-CFB-128 on X86-64 with AVX-512 Support", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28386" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false }, { "id" : "CVE-2026-28387", "title" : "Potential Use-after-free in DANE Client Code", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-28387" ], "unique" : false }, { "id" : "CVE-2025-9232", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2025-9232" ], "unique" : false }, { "id" : "CVE-2026-2673", "title" : "OpenSSL TLS 1.3 server may choose unexpected key agreement group", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2026-2673" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openssh@8.7p1-29.el9_2?arch=x86_64&distro=rhel-9.2&upstream=openssh-8.7p1-29.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-38408", "title" : "The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2023-38408" ], "unique" : false }, { "id" : "CVE-2026-3497", "title" : "Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange to the server, which will call the underlying function and continue the execution of the program without setting the related connection variables. As the variables are not initialized to NULL the code later accesses those uninitialized variables, accessing random memory, which could lead to undefined behavior. The recommended workaround is to use ssh_packet_disconnect() instead, which does terminate the process. The impact of the vulnerability depends heavily on the compiler flag hardening configuration.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2026-3497" ], "unique" : false }, { "id" : "CVE-2024-6387", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-6387" ], "unique" : false }, { "id" : "CVE-2026-35385", "title" : "In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-35385" ], "unique" : false }, { "id" : "CVE-2023-51767", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-51767" ], "unique" : false }, { "id" : "CVE-2024-6409", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-6409" ], "unique" : false }, { "id" : "CVE-2025-26465", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-26465" ], "unique" : false }, { "id" : "CVE-2023-51385", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-51385" ], "unique" : false }, { "id" : "CVE-2023-48795", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-48795" ], "unique" : false }, { "id" : "CVE-2025-61984", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-61984" ], "unique" : false }, { "id" : "CVE-2025-61985", "title" : "ssh in OpenSSH before 10.1 allows the '\\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-61985" ], "unique" : false }, { "id" : "CVE-2026-35414", "title" : "OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2026-35414" ], "unique" : false }, { "id" : "CVE-2025-32728", "title" : "In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32728" ], "unique" : false }, { "id" : "CVE-2026-35386", "title" : "In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in ssh_config.", "source" : "redhat-csaf", "cvssScore" : 3.6, "severity" : "LOW", "cves" : [ "CVE-2026-35386" ], "unique" : false }, { "id" : "CVE-2026-35387", "title" : "OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2026-35387" ], "unique" : false }, { "id" : "CVE-2026-35388", "title" : "OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.", "source" : "redhat-csaf", "cvssScore" : 2.2, "severity" : "LOW", "cves" : [ "CVE-2026-35388" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-38408", "title" : "The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2023-38408" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64&distro=rhel-9.2&upstream=git-2.39.3-1.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2024-32002", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-32002" ], "unique" : false }, { "id" : "CVE-2025-48385", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2025-48385" ], "unique" : false }, { "id" : "CVE-2024-32004", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-32004" ], "unique" : false }, { "id" : "CVE-2025-48384", "source" : "redhat-csaf", "cvssScore" : 8.0, "severity" : "HIGH", "cves" : [ "CVE-2025-48384" ], "unique" : false }, { "id" : "CVE-2024-52005", "title" : "The sideband payload is passed unfiltered to the terminal in git", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-52005" ], "unique" : false }, { "id" : "CVE-2024-32465", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-32465" ], "unique" : false }, { "id" : "CVE-2025-27614", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-27614" ], "unique" : false }, { "id" : "CVE-2024-52006", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-52006" ], "unique" : false }, { "id" : "CVE-2025-27613", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-27613" ], "unique" : false }, { "id" : "CVE-2024-32020", "title" : "Cloning local Git repository by untrusted user allows the untrusted user to modify objects in the cloned repository at will", "source" : "redhat-csaf", "cvssScore" : 3.9, "severity" : "LOW", "cves" : [ "CVE-2024-32020" ], "unique" : false }, { "id" : "CVE-2024-32021", "source" : "redhat-csaf", "cvssScore" : 3.9, "severity" : "LOW", "cves" : [ "CVE-2024-32021" ], "unique" : false }, { "id" : "CVE-2024-50349", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2024-50349" ], "unique" : false }, { "id" : "CVE-2025-46835", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2025-46835" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-32002", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-32002" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/git-core@2.39.3-1.el9_2?arch=x86_64&distro=rhel-9.2&upstream=git-2.39.3-1.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2024-32002", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-32002" ], "unique" : false }, { "id" : "CVE-2025-48385", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2025-48385" ], "unique" : false }, { "id" : "CVE-2024-32004", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-32004" ], "unique" : false }, { "id" : "CVE-2025-48384", "source" : "redhat-csaf", "cvssScore" : 8.0, "severity" : "HIGH", "cves" : [ "CVE-2025-48384" ], "unique" : false }, { "id" : "CVE-2024-52005", "title" : "The sideband payload is passed unfiltered to the terminal in git", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-52005" ], "unique" : false }, { "id" : "CVE-2024-32465", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-32465" ], "unique" : false }, { "id" : "CVE-2025-27614", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-27614" ], "unique" : false }, { "id" : "CVE-2024-52006", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-52006" ], "unique" : false }, { "id" : "CVE-2025-27613", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-27613" ], "unique" : false }, { "id" : "CVE-2024-32020", "title" : "Cloning local Git repository by untrusted user allows the untrusted user to modify objects in the cloned repository at will", "source" : "redhat-csaf", "cvssScore" : 3.9, "severity" : "LOW", "cves" : [ "CVE-2024-32020" ], "unique" : false }, { "id" : "CVE-2024-32021", "source" : "redhat-csaf", "cvssScore" : 3.9, "severity" : "LOW", "cves" : [ "CVE-2024-32021" ], "unique" : false }, { "id" : "CVE-2024-50349", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2024-50349" ], "unique" : false }, { "id" : "CVE-2025-46835", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2025-46835" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-32002", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-32002" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Git@2.39.3-1.el9_2?arch=noarch&distro=rhel-9.2&upstream=git-2.39.3-1.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2024-32002", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-32002" ], "unique" : false }, { "id" : "CVE-2025-48385", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2025-48385" ], "unique" : false }, { "id" : "CVE-2024-32004", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-32004" ], "unique" : false }, { "id" : "CVE-2025-48384", "source" : "redhat-csaf", "cvssScore" : 8.0, "severity" : "HIGH", "cves" : [ "CVE-2025-48384" ], "unique" : false }, { "id" : "CVE-2024-52005", "title" : "The sideband payload is passed unfiltered to the terminal in git", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-52005" ], "unique" : false }, { "id" : "CVE-2024-32465", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-32465" ], "unique" : false }, { "id" : "CVE-2025-27614", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-27614" ], "unique" : false }, { "id" : "CVE-2024-52006", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-52006" ], "unique" : false }, { "id" : "CVE-2025-27613", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-27613" ], "unique" : false }, { "id" : "CVE-2024-32020", "title" : "Cloning local Git repository by untrusted user allows the untrusted user to modify objects in the cloned repository at will", "source" : "redhat-csaf", "cvssScore" : 3.9, "severity" : "LOW", "cves" : [ "CVE-2024-32020" ], "unique" : false }, { "id" : "CVE-2024-32021", "source" : "redhat-csaf", "cvssScore" : 3.9, "severity" : "LOW", "cves" : [ "CVE-2024-32021" ], "unique" : false }, { "id" : "CVE-2024-50349", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2024-50349" ], "unique" : false }, { "id" : "CVE-2025-46835", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2025-46835" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-32002", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-32002" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/git-core-doc@2.39.3-1.el9_2?arch=noarch&distro=rhel-9.2&upstream=git-2.39.3-1.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2024-32002", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-32002" ], "unique" : false }, { "id" : "CVE-2025-48385", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2025-48385" ], "unique" : false }, { "id" : "CVE-2024-32004", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-32004" ], "unique" : false }, { "id" : "CVE-2025-48384", "source" : "redhat-csaf", "cvssScore" : 8.0, "severity" : "HIGH", "cves" : [ "CVE-2025-48384" ], "unique" : false }, { "id" : "CVE-2024-52005", "title" : "The sideband payload is passed unfiltered to the terminal in git", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-52005" ], "unique" : false }, { "id" : "CVE-2024-32465", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-32465" ], "unique" : false }, { "id" : "CVE-2025-27614", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-27614" ], "unique" : false }, { "id" : "CVE-2024-52006", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-52006" ], "unique" : false }, { "id" : "CVE-2025-27613", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-27613" ], "unique" : false }, { "id" : "CVE-2024-32020", "title" : "Cloning local Git repository by untrusted user allows the untrusted user to modify objects in the cloned repository at will", "source" : "redhat-csaf", "cvssScore" : 3.9, "severity" : "LOW", "cves" : [ "CVE-2024-32020" ], "unique" : false }, { "id" : "CVE-2024-32021", "source" : "redhat-csaf", "cvssScore" : 3.9, "severity" : "LOW", "cves" : [ "CVE-2024-32021" ], "unique" : false }, { "id" : "CVE-2024-50349", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2024-50349" ], "unique" : false }, { "id" : "CVE-2025-46835", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2025-46835" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-32002", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-32002" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/emacs-filesystem@27.2-8.el9_2.1?arch=noarch&distro=rhel-9.2&epoch=1&upstream=emacs-27.2-8.el9_2.1.src.rpm", "issues" : [ { "id" : "CVE-2025-1244", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2025-1244" ], "unique" : false }, { "id" : "CVE-2024-30205", "title" : "In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2024-30205" ], "unique" : false }, { "id" : "CVE-2024-39331", "title" : "In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2024-39331" ], "unique" : false }, { "id" : "CVE-2024-53920", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2024-53920" ], "unique" : false }, { "id" : "CVE-2024-30203", "title" : "In Emacs before 29.3, Gnus treats inline MIME contents as trusted.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-30203" ], "unique" : false }, { "id" : "CVE-2024-30204", "title" : "In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-30204" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-1244", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2025-1244" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/less@590-1.el9_0?arch=x86_64&distro=rhel-9.2&upstream=less-590-1.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2024-32487", "title" : "less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2024-32487" ], "unique" : false }, { "id" : "CVE-2022-46663", "title" : "In GNU Less before 609, crafted data can result in \"less -R\" not filtering ANSI escape sequences sent to the terminal.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-46663" ], "unique" : false }, { "id" : "CVE-2022-48624", "title" : "close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-48624" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-32487", "title" : "less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2024-32487" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9_2.1.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch&distro=rhel-9.2&upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64&distro=rhel-9.2&upstream=pam-1.5.1-14.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-6020", "title" : "Linux-pam: linux-pam directory traversal", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-6020" ], "unique" : false }, { "id" : "CVE-2025-8941", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-8941" ], "unique" : false }, { "id" : "CVE-2024-10963", "title" : "Pam: improper hostname interpretation in pam_access leads to access control bypass", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-10963" ], "unique" : false }, { "id" : "CVE-2024-22365", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-22365" ], "unique" : false }, { "id" : "CVE-2024-10041", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-10041" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6020", "title" : "Linux-pam: linux-pam directory traversal", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-6020" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64&distro=rhel-9.2&upstream=nghttp2-1.43.0-5.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libgcrypt-1.10.0-10.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false }, { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false }, { "id" : "CVE-2026-41990", "title" : "Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-41990" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-lib@0.65-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-Find@1.37-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-DynaLoader@1.47-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch&distro=rhel-9.2&upstream=perl-constant-1.33-461.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libeconf@0.4.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=libeconf-0.4.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-22652", "title" : "Stack buffer overflow in \"read_file\" function", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22652" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-22652", "title" : "Stack buffer overflow in \"read_file\" function", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22652" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=perl-Storable-3.21-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/util-linux-core@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libfdisk@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64&distro=rhel-9.2&epoch=2&upstream=shadow-utils-4.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false }, { "id" : "CVE-2024-56433", "title" : "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "source" : "redhat-csaf", "cvssScore" : 3.6, "severity" : "LOW", "cves" : [ "CVE-2024-56433" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2023-38408", "title" : "The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2023-38408" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-pip-21.2.3-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-setuptools-53.0.0-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2026-5713", "title" : "Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5713" ], "unique" : false }, { "id" : "CVE-2025-13837", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13837" ], "unique" : false }, { "id" : "CVE-2026-4224", "title" : "Stack overflow parsing XML with deeply nested DTD content models", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4224" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2026-3644", "title" : "Incomplete control character validation in http.cookies", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3644" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2025-12781", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-12781" ], "unique" : false }, { "id" : "CVE-2026-3446", "title" : "Base64 decoding stops at first padded quad by default", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3446" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2025-15282", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15282" ], "unique" : false }, { "id" : "CVE-2025-11468", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11468" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2026-1502", "title" : "HTTP client proxy tunnel headers not validated for CR/LF", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1502" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2026-2297", "title" : "SourcelessFileLoader does not use io.open_code()", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-2297" ], "unique" : false }, { "id" : "CVE-2026-3479", "title" : "pkgutil.get_data() does not enforce documented restrictions", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-3479" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false }, { "id" : "CVE-2025-13462", "title" : "tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-13462" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-pip-21.2.3-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/nodejs-docs@16.19.1-1.el9_2?arch=noarch&distro=rhel-9.2&epoch=1&upstream=nodejs-16.19.1-1.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-39332", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2023-39332" ], "unique" : false }, { "id" : "CVE-2023-32006", "title" : "The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.\n\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x.\n\nPlease note that at the time this CVE was issued, the policy is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-32006" ], "unique" : false }, { "id" : "CVE-2022-4904", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2022-4904" ], "unique" : false }, { "id" : "CVE-2022-35255", "title" : "A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2022-35255" ], "unique" : false }, { "id" : "CVE-2023-32002", "title" : "The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.\n\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x.\n\nPlease note that at the time this CVE was issued, the policy is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-32002" ], "unique" : false }, { "id" : "CVE-2024-21892", "title" : "On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE.\nDue to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when certain other capabilities have been set.\nThis allows unprivileged users to inject code that inherits the process's elevated privileges.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-21892" ], "unique" : false }, { "id" : "CVE-2024-21896", "title" : "The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a Buffer, the implementation uses Buffer.from() to obtain a Buffer from the result of path.resolve(). By monkey-patching Buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability.\nThis vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 7.9, "severity" : "HIGH", "cves" : [ "CVE-2024-21896" ], "unique" : false }, { "id" : "CVE-2025-23083", "title" : "With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. \r\n\r\nThis vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-23083" ], "unique" : false }, { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2021-35065", "title" : "The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-35065" ], "unique" : false }, { "id" : "CVE-2022-25881", "title" : "This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-25881" ], "unique" : false }, { "id" : "CVE-2022-25883", "title" : "Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.\r\r\r", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-25883" ], "unique" : false }, { "id" : "CVE-2022-3517", "title" : "A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3517" ], "unique" : false }, { "id" : "CVE-2022-43548", "title" : "A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-43548" ], "unique" : false }, { "id" : "CVE-2023-23918", "title" : "A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-23918" ], "unique" : false }, { "id" : "CVE-2023-23919", "title" : "A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-23919" ], "unique" : false }, { "id" : "CVE-2023-24807", "title" : "Undici vulnerable to Regular Expression Denial of Service in Headers", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24807" ], "unique" : false }, { "id" : "CVE-2023-30581", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-30581" ], "unique" : false }, { "id" : "CVE-2023-30590", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-30590" ], "unique" : false }, { "id" : "CVE-2023-32067", "title" : "0-byte UDP payload DoS in c-ares", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-32067" ], "unique" : false }, { "id" : "CVE-2023-32559", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-32559" ], "unique" : false }, { "id" : "CVE-2023-38552", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-38552" ], "unique" : false }, { "id" : "CVE-2023-39331", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-39331" ], "unique" : false }, { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2024-22019", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-22019" ], "unique" : false }, { "id" : "CVE-2024-27983", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-27983" ], "unique" : false }, { "id" : "CVE-2025-23166", "title" : "The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23166" ], "unique" : false }, { "id" : "CVE-2025-59465", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-59465" ], "unique" : false }, { "id" : "CVE-2026-1526", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1526" ], "unique" : false }, { "id" : "CVE-2026-1528", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1528" ], "unique" : false }, { "id" : "CVE-2026-21710", "title" : "A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`.\r\n\r\nWhen this occurs, `dest[\"__proto__\"]` resolves to `Object.prototype` rather than `undefined`, causing `.push()` to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by `error` event listeners, meaning it cannot be handled without wrapping every `req.headersDistinct` access in a `try/catch`.\r\n\r\n* This vulnerability affects all Node.js HTTP servers on **20.x, 22.x, 24.x, and v25.x**", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-21710" ], "unique" : false }, { "id" : "CVE-2026-2229", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-2229" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2024-22017", "title" : "setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid().\nThis allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().\nThis vulnerability affects all users using version greater or equal than Node.js 18.18.0, Node.js 20.4.0 and Node.js 21.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-22017" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false }, { "id" : "CVE-2026-1525", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2026-1525" ], "unique" : false }, { "id" : "CVE-2025-55130", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-55130" ], "unique" : false }, { "id" : "CVE-2025-55131", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-55131" ], "unique" : false }, { "id" : "CVE-2023-30589", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-30589" ], "unique" : false }, { "id" : "CVE-2025-31498", "title" : "c-ares has a use-after-free in read_answers()", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-31498" ], "unique" : false }, { "id" : "CVE-2025-22150", "title" : "Undici Uses Insufficiently Random Values", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-22150" ], "unique" : false }, { "id" : "CVE-2024-21891", "title" : "Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack.\nThis vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-21891" ], "unique" : false }, { "id" : "CVE-2022-35256", "title" : "The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-35256" ], "unique" : false }, { "id" : "CVE-2023-23936", "title" : "CRLF Injection in Nodejs ‘undici’ via host", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-23936" ], "unique" : false }, { "id" : "CVE-2024-22020", "title" : "A security flaw in Node.js allows a bypass of network import restrictions.\nBy embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security.\nVerified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports.\nExploiting this flaw can violate network import security, posing a risk to developers and servers.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-22020" ], "unique" : false }, { "id" : "CVE-2024-22025", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-22025" ], "unique" : false }, { "id" : "CVE-2024-28863", "title" : "node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28863" ], "unique" : false }, { "id" : "CVE-2025-23167", "title" : "A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\\r\\n\\rX` instead of the required `\\r\\n\\r\\n`.\nThis inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests.\n\nThe issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination.\n\nImpact:\n* This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-23167" ], "unique" : false }, { "id" : "CVE-2026-1527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1527" ], "unique" : false }, { "id" : "CVE-2026-21712", "title" : "A flaw in Node.js URL processing causes an assertion failure in native code when `url.format()` is called with a malformed internationalized domain name (IDN) containing invalid characters, crashing the Node.js process.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21712" ], "unique" : false }, { "id" : "CVE-2026-25547", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-25547" ], "unique" : false }, { "id" : "CVE-2026-26996", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-26996" ], "unique" : false }, { "id" : "CVE-2026-27904", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27904" ], "unique" : false }, { "id" : "CVE-2024-27982", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2024-27982" ], "unique" : false }, { "id" : "CVE-2023-31147", "title" : "Insufficient randomness in generation of DNS query IDs in c-ares", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-31147" ], "unique" : false }, { "id" : "CVE-2023-46809", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46809" ], "unique" : false }, { "id" : "CVE-2025-59466", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59466" ], "unique" : false }, { "id" : "CVE-2026-21637", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21637" ], "unique" : false }, { "id" : "CVE-2026-21713", "title" : "A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior could be exploited as a timing oracle to infer HMAC values.\r\n\r\nNode.js already provides timing-safe comparison primitives used elsewhere in the codebase, indicating this is an oversight rather than an intentional design decision.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21713" ], "unique" : false }, { "id" : "CVE-2026-21717", "title" : "A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the Node.js process.\r\n\r\nThe most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21717" ], "unique" : false }, { "id" : "CVE-2026-2581", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2581" ], "unique" : false }, { "id" : "CVE-2023-31130", "title" : "Buffer Underwrite in ares_inet_net_pton()", "source" : "redhat-csaf", "cvssScore" : 5.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-31130" ], "unique" : false }, { "id" : "CVE-2023-30588", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-30588" ], "unique" : false }, { "id" : "CVE-2023-39333", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39333" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false }, { "id" : "CVE-2025-23085", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-23085" ], "unique" : false }, { "id" : "CVE-2025-55132", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-55132" ], "unique" : false }, { "id" : "CVE-2026-21714", "title" : "A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOW_UPDATE frames on stream 0 (connection-level) that cause the flow control window to exceed the maximum value of 2³¹-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up.\r\n\r\nThis vulnerability affects HTTP2 users on Node.js 20, 22, 24 and 25.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21714" ], "unique" : false }, { "id" : "CVE-2026-21711", "title" : "A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all comparable network paths correctly enforce them.\r\n\r\nAs a result, code running under `--permission` without `--allow-net` can create and expose local IPC endpoints, allowing communication with other processes on the same host outside of the intended network restriction boundary.\r\n\r\nThis vulnerability affects Node.js **25.x** processes using the Permission Model where `--allow-net` is intentionally omitted to restrict network access. Note that `--allow-net` is currently an experimental feature.", "source" : "redhat-csaf", "cvssScore" : 5.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21711" ], "unique" : false }, { "id" : "CVE-2024-21890", "title" : "The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example:\n```\n --allow-fs-read=/home/node/.ssh/*.pub\n```\n\nwill ignore `pub` and give access to everything after `.ssh/`.\n\nThis misleading documentation affects all users using the experimental permission model in Node.js 20 and Node.js 21.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-21890" ], "unique" : false }, { "id" : "CVE-2024-25629", "title" : "c-ares out of bounds read in ares__read_line()", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-25629" ], "unique" : false }, { "id" : "CVE-2023-23920", "title" : "An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-23920" ], "unique" : false }, { "id" : "CVE-2023-45143", "title" : "Undici's cookie header not cleared on cross-origin redirect in fetch", "source" : "redhat-csaf", "cvssScore" : 3.9, "severity" : "LOW", "cves" : [ "CVE-2023-45143" ], "unique" : false }, { "id" : "CVE-2024-36137", "title" : "A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used.\r\n\r\nNode.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a \"read-only\" file descriptor to change the owner and permissions of a file.", "source" : "redhat-csaf", "cvssScore" : 3.9, "severity" : "LOW", "cves" : [ "CVE-2024-36137" ], "unique" : false }, { "id" : "CVE-2026-21716", "title" : "An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the promises API without the required permission checks, while their callback-based equivalents (`fs.fchmod()`, `fs.fchown()`) were correctly patched.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-write` can still use promise-based `FileHandle` methods to modify file permissions and ownership on already-open file descriptors, bypassing the intended write restrictions.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-write` is intentionally restricted.", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2026-21716" ], "unique" : false }, { "id" : "CVE-2023-31124", "title" : "AutoTools does not set CARES_RANDOM_FILE during cross compilation", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-31124" ], "unique" : false }, { "id" : "CVE-2025-23165", "title" : "In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service.\r\n\r\nImpact:\r\n* This vulnerability affects APIs relying on `ReadFileUtf8` on Node.js release lines: v20 and v22.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2025-23165" ], "unique" : false }, { "id" : "CVE-2026-21715", "title" : "A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()` without the required read permission checks, while all comparable filesystem functions correctly enforce them.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-read` can still use `fs.realpathSync.native()` to check file existence, resolve symlink targets, and enumerate filesystem paths outside of permitted directories.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-read` is intentionally restricted.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-21715" ], "unique" : false }, { "id" : "CVE-2024-22018", "title" : "A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used.\nThis flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to.\nThis vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2024-22018" ], "unique" : false } ], "transitive" : [ ], "highestVulnerability" : { "id" : "CVE-2023-39332", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2023-39332" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-devel@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/kernel-headers@5.14.0-284.11.1.el9_2?arch=x86_64&distro=rhel-9.2&upstream=kernel-5.14.0-284.11.1.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-44466", "title" : "An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-44466" ], "unique" : false }, { "id" : "CVE-2024-5154", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-5154" ], "unique" : false }, { "id" : "CVE-2025-21927", "title" : "nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()", "source" : "redhat-csaf", "cvssScore" : 8.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21927" ], "unique" : false }, { "id" : "CVE-2023-1652", "title" : "A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. This issue could allow a local attacker to crash the system or it may lead to a kernel information leak problem.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-1652" ], "unique" : false }, { "id" : "CVE-2023-52922", "title" : "can: bcm: Fix UAF in bcm_proc_show()", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-52922" ], "unique" : false }, { "id" : "CVE-2024-36971", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2024-36971" ], "unique" : false }, { "id" : "CVE-2025-21756", "title" : "vsock: Keep the binding until socket destruction", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-21756" ], "unique" : false }, { "id" : "CVE-2025-22020", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-22020" ], "unique" : false }, { "id" : "CVE-2025-38052", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-38052" ], "unique" : false }, { "id" : "CVE-2025-38087", "title" : "net/sched: fix use-after-free in taprio_dev_notifier", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-38087" ], "unique" : false }, { "id" : "CVE-2022-41723", "title" : "Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-41723" ], "unique" : false }, { "id" : "CVE-2025-38471", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-38471" ], "unique" : false }, { "id" : "CVE-2024-42284", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-42284" ], "unique" : false }, { "id" : "CVE-2024-53104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-53104" ], "unique" : false }, { "id" : "CVE-2025-37750", "title" : "smb: client: fix UAF in decryption with multichannel", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-37750" ], "unique" : false }, { "id" : "CVE-2025-38250", "title" : "Bluetooth: hci_core: Fix use-after-free in vhci_flush()", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-38250" ], "unique" : false }, { "id" : "CVE-2022-49846", "title" : "udf: Fix a slab-out-of-bounds write bug in udf_find_entry()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2022-49846" ], "unique" : false }, { "id" : "CVE-2023-52933", "title" : "Squashfs: fix handling and sanity checking of xattr_ids count", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-52933" ], "unique" : false }, { "id" : "CVE-2023-53751", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-53751" ], "unique" : false }, { "id" : "CVE-2023-6606", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-6606" ], "unique" : false }, { "id" : "CVE-2023-6610", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-6610" ], "unique" : false }, { "id" : "CVE-2024-35937", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2024-35937" ], "unique" : false }, { "id" : "CVE-2024-38538", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2024-38538" ], "unique" : false }, { "id" : "CVE-2024-53150", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2024-53150" ], "unique" : false }, { "id" : "CVE-2024-57947", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2024-57947" ], "unique" : false }, { "id" : "CVE-2025-21887", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21887" ], "unique" : false }, { "id" : "CVE-2025-21893", "title" : "keys: Fix UAF in key_put()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21893" ], "unique" : false }, { "id" : "CVE-2025-21920", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21920" ], "unique" : false }, { "id" : "CVE-2025-21969", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21969" ], "unique" : false }, { "id" : "CVE-2025-21979", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21979" ], "unique" : false }, { "id" : "CVE-2025-21993", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21993" ], "unique" : false }, { "id" : "CVE-2025-21997", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21997" ], "unique" : false }, { "id" : "CVE-2025-22026", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-22026" ], "unique" : false }, { "id" : "CVE-2025-22055", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-22055" ], "unique" : false }, { "id" : "CVE-2025-22058", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-22058" ], "unique" : false }, { "id" : "CVE-2025-22104", "title" : "ibmvnic: Use kernel helpers for hex dumps", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-22104" ], "unique" : false }, { "id" : "CVE-2025-22113", "title" : "ext4: avoid journaling sb update on error if journal is destroying", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-22113" ], "unique" : false }, { "id" : "CVE-2025-22121", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-22121" ], "unique" : false }, { "id" : "CVE-2025-37738", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-37738" ], "unique" : false }, { "id" : "CVE-2025-37799", "title" : "vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-37799" ], "unique" : false }, { "id" : "CVE-2025-38264", "title" : "nvme-tcp: sanitize request list handling", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-38264" ], "unique" : false }, { "id" : "CVE-2022-49977", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-49977" ], "unique" : false }, { "id" : "CVE-2022-50066", "title" : "net: atlantic: fix aq_vec index out of range error", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-50066" ], "unique" : false }, { "id" : "CVE-2023-53047", "title" : "tee: amdtee: fix race condition in amdtee_open_session", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-53047" ], "unique" : false }, { "id" : "CVE-2023-53107", "title" : "veth: Fix use after free in XDP_REDIRECT", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-53107" ], "unique" : false }, { "id" : "CVE-2023-6932", "title" : "Use-after-free in Linux kernel's ipv4: igmp component", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-6932" ], "unique" : false }, { "id" : "CVE-2024-0646", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-0646" ], "unique" : false }, { "id" : "CVE-2024-46858", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-46858" ], "unique" : false }, { "id" : "CVE-2024-50154", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-50154" ], "unique" : false }, { "id" : "CVE-2024-53141", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-53141" ], "unique" : false }, { "id" : "CVE-2025-21727", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21727" ], "unique" : false }, { "id" : "CVE-2025-21764", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21764" ], "unique" : false }, { "id" : "CVE-2025-21867", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21867" ], "unique" : false }, { "id" : "CVE-2025-21919", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21919" ], "unique" : false }, { "id" : "CVE-2025-21926", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21926" ], "unique" : false }, { "id" : "CVE-2025-21966", "title" : "dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21966" ], "unique" : false }, { "id" : "CVE-2025-22004", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-22004" ], "unique" : false }, { "id" : "CVE-2025-22126", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-22126" ], "unique" : false }, { "id" : "CVE-2025-37797", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-37797" ], "unique" : false }, { "id" : "CVE-2025-37803", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-37803" ], "unique" : false }, { "id" : "CVE-2025-37890", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-37890" ], "unique" : false }, { "id" : "CVE-2025-37914", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-37914" ], "unique" : false }, { "id" : "CVE-2025-37943", "title" : "wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-37943" ], "unique" : false }, { "id" : "CVE-2025-38079", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-38079" ], "unique" : false }, { "id" : "CVE-2025-38086", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-38086" ], "unique" : false }, { "id" : "CVE-2025-38124", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-38124" ], "unique" : false }, { "id" : "CVE-2025-38177", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-38177" ], "unique" : false }, { "id" : "CVE-2025-38200", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-38200" ], "unique" : false }, { "id" : "CVE-2025-38332", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-38332" ], "unique" : false }, { "id" : "CVE-2022-50616", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-50616" ], "unique" : false }, { "id" : "CVE-2024-56614", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-56614" ], "unique" : false }, { "id" : "CVE-2024-56615", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-56615" ], "unique" : false }, { "id" : "CVE-2025-21883", "title" : "ice: Fix deinitializing VF in error path", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21883" ], "unique" : false }, { "id" : "CVE-2025-21928", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21928" ], "unique" : false }, { "id" : "CVE-2025-21929", "title" : "HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21929" ], "unique" : false }, { "id" : "CVE-2025-21991", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21991" ], "unique" : false }, { "id" : "CVE-2025-22085", "title" : "RDMA/core: Fix use-after-free when rename device name", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-22085" ], "unique" : false }, { "id" : "CVE-2021-47383", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2021-47383" ], "unique" : false }, { "id" : "CVE-2025-21759", "title" : "ipv6: mcast: extend RCU protection in igmp6_send()", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21759" ], "unique" : false }, { "id" : "CVE-2023-28746", "title" : "Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28746" ], "unique" : false }, { "id" : "CVE-2023-6356", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6356" ], "unique" : false }, { "id" : "CVE-2023-6535", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6535" ], "unique" : false }, { "id" : "CVE-2023-6536", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6536" ], "unique" : false }, { "id" : "CVE-2024-21823", "title" : "Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable escalation of privilege local access", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-21823" ], "unique" : false }, { "id" : "CVE-2025-21999", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21999" ], "unique" : false }, { "id" : "CVE-2025-38350", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-38350" ], "unique" : false }, { "id" : "CVE-2024-46695", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-46695" ], "unique" : false }, { "id" : "CVE-2024-50275", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50275" ], "unique" : false }, { "id" : "CVE-2024-42292", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2024-42292" ], "unique" : false }, { "id" : "CVE-2024-50302", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50302" ], "unique" : false }, { "id" : "CVE-2022-49395", "title" : "um: Fix out-of-bounds read in LDT setup", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49395" ], "unique" : false }, { "id" : "CVE-2023-5090", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5090" ], "unique" : false }, { "id" : "CVE-2024-26664", "title" : "hwmon: (coretemp) Fix out-of-bounds memory access", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26664" ], "unique" : false }, { "id" : "CVE-2024-50264", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50264" ], "unique" : false }, { "id" : "CVE-2025-38110", "title" : "net/mdiobus: Fix potential out-of-bounds clause 45 read/write access", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-38110" ], "unique" : false }, { "id" : "CVE-2024-53122", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-53122" ], "unique" : false }, { "id" : "CVE-2024-53197", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-53197" ], "unique" : false }, { "id" : "CVE-2024-36941", "title" : "wifi: nl80211: don't free NULL coalescing rule", "source" : "redhat-csaf", "cvssScore" : 5.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-36941" ], "unique" : false }, { "id" : "CVE-2024-38627", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38627" ], "unique" : false }, { "id" : "CVE-2022-50042", "title" : "net: genl: fix error path memory leak in policy dumping", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-50042" ], "unique" : false }, { "id" : "CVE-2023-1074", "title" : "A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1074" ], "unique" : false }, { "id" : "CVE-2023-45862", "title" : "An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-45862" ], "unique" : false }, { "id" : "CVE-2023-52490", "title" : "mm: migrate: fix getting incorrect page mapping during page migration", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-52490" ], "unique" : false }, { "id" : "CVE-2023-52658", "title" : "Revert \"net/mlx5: Block entering switchdev mode with ns inconsistency\"", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-52658" ], "unique" : false }, { "id" : "CVE-2023-53597", "title" : "cifs: fix mid leak during reconnection after timeout threshold", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-53597" ], "unique" : false }, { "id" : "CVE-2023-53704", "title" : "clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe()", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-53704" ], "unique" : false }, { "id" : "CVE-2023-54004", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-54004" ], "unique" : false }, { "id" : "CVE-2023-54093", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-54093" ], "unique" : false }, { "id" : "CVE-2023-54271", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-54271" ], "unique" : false }, { "id" : "CVE-2023-7192", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7192" ], "unique" : false }, { "id" : "CVE-2024-0443", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0443" ], "unique" : false }, { "id" : "CVE-2024-26615", "title" : "net/smc: fix illegal rmb_desc access in SMC-D connection dump", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26615" ], "unique" : false }, { "id" : "CVE-2024-26878", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26878" ], "unique" : false }, { "id" : "CVE-2024-27046", "title" : "nfp: flower: handle acti_netdevs allocation failure", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-27046" ], "unique" : false }, { "id" : "CVE-2024-27052", "title" : "wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-27052" ], "unique" : false }, { "id" : "CVE-2024-35789", "title" : "wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35789" ], "unique" : false }, { "id" : "CVE-2024-35852", "title" : "mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35852" ], "unique" : false }, { "id" : "CVE-2024-35890", "title" : "gro: fix ownership transfer", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35890" ], "unique" : false }, { "id" : "CVE-2024-35907", "title" : "mlxbf_gige: call request_irq() after NAPI initialized", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35907" ], "unique" : false }, { "id" : "CVE-2024-35952", "title" : "drm/ast: Fix soft lockup", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35952" ], "unique" : false }, { "id" : "CVE-2024-35989", "title" : "dmaengine: idxd: Fix oops during rmmod on single-CPU platforms", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35989" ], "unique" : false }, { "id" : "CVE-2024-39483", "title" : "KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-39483" ], "unique" : false }, { "id" : "CVE-2024-40959", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-40959" ], "unique" : false }, { "id" : "CVE-2024-41035", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-41035" ], "unique" : false }, { "id" : "CVE-2024-41064", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-41064" ], "unique" : false }, { "id" : "CVE-2024-42079", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-42079" ], "unique" : false }, { "id" : "CVE-2024-42272", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-42272" ], "unique" : false }, { "id" : "CVE-2024-42283", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-42283" ], "unique" : false }, { "id" : "CVE-2024-42322", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-42322" ], "unique" : false }, { "id" : "CVE-2024-43854", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-43854" ], "unique" : false }, { "id" : "CVE-2024-44990", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-44990" ], "unique" : false }, { "id" : "CVE-2024-44994", "title" : "iommu: Restore lost return in iommu_report_device_fault()", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-44994" ], "unique" : false }, { "id" : "CVE-2024-45018", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45018" ], "unique" : false }, { "id" : "CVE-2024-46713", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-46713" ], "unique" : false }, { "id" : "CVE-2024-46824", "title" : "iommufd: Require drivers to supply the cache_invalidate_user ops", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-46824" ], "unique" : false }, { "id" : "CVE-2024-49949", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-49949" ], "unique" : false }, { "id" : "CVE-2024-50208", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50208" ], "unique" : false }, { "id" : "CVE-2024-50251", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50251" ], "unique" : false }, { "id" : "CVE-2024-50252", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50252" ], "unique" : false }, { "id" : "CVE-2024-53113", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-53113" ], "unique" : false }, { "id" : "CVE-2025-21669", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21669" ], "unique" : false }, { "id" : "CVE-2025-21962", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21962" ], "unique" : false }, { "id" : "CVE-2025-21963", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21963" ], "unique" : false }, { "id" : "CVE-2025-21964", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21964" ], "unique" : false }, { "id" : "CVE-2025-37785", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-37785" ], "unique" : false }, { "id" : "CVE-2025-38234", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-38234" ], "unique" : false }, { "id" : "CVE-2023-52448", "title" : "gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-52448" ], "unique" : false }, { "id" : "CVE-2023-53755", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-53755" ], "unique" : false }, { "id" : "CVE-2024-47745", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-47745" ], "unique" : false }, { "id" : "CVE-2024-53088", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-53088" ], "unique" : false }, { "id" : "CVE-2025-21961", "title" : "eth: bnxt: fix truesize for mb-xdp-pass case", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21961" ], "unique" : false }, { "id" : "CVE-2025-22036", "title" : "exfat: fix random stack corruption after get_block", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-22036" ], "unique" : false }, { "id" : "CVE-2025-38417", "title" : "ice: fix eswitch code memory leak in reset scenario", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-38417" ], "unique" : false }, { "id" : "CVE-2023-52771", "title" : "cxl/port: Fix delete_endpoint() vs parent unregistration race", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2023-52771" ], "unique" : false }, { "id" : "CVE-2023-52864", "title" : "platform/x86: wmi: Fix opening of char device", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2023-52864" ], "unique" : false }, { "id" : "CVE-2024-26855", "title" : "net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26855" ], "unique" : false }, { "id" : "CVE-2024-35845", "title" : "wifi: iwlwifi: dbg-tlv: ensure NUL termination", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35845" ], "unique" : false }, { "id" : "CVE-2024-36922", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-36922" ], "unique" : false }, { "id" : "CVE-2024-38555", "title" : "net/mlx5: Discard command completions in internal error", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38555" ], "unique" : false }, { "id" : "CVE-2024-38556", "title" : "net/mlx5: Add a timeout to acquire the command queue semaphore", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38556" ], "unique" : false }, { "id" : "CVE-2024-43855", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-43855" ], "unique" : false }, { "id" : "CVE-2024-46826", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-46826" ], "unique" : false }, { "id" : "CVE-2024-26897", "title" : "wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete", "source" : "redhat-csaf", "cvssScore" : 4.1, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26897" ], "unique" : false }, { "id" : "CVE-2024-38586", "title" : "r8169: Fix possible ring buffer corruption on fragmented Tx packets.", "source" : "redhat-csaf", "cvssScore" : 4.1, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38586" ], "unique" : false }, { "id" : "CVE-2022-50846", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2022-50846" ], "unique" : false }, { "id" : "CVE-2023-53639", "title" : "wifi: ath6kl: reduce WARN to dev_dbg() in callback", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-53639" ], "unique" : false }, { "id" : "CVE-2023-54153", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-54153" ], "unique" : false }, { "id" : "CVE-2023-54267", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2023-54267" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-44466", "title" : "An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-44466" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9_2.1.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64&distro=rhel-9.2&upstream=nghttp2-1.43.0-5.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/cpp@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libquadmath@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgfortran@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgomp@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64&distro=rhel-9.2&upstream=binutils-2.35.2-37.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-4285", "title" : "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4285" ], "unique" : false }, { "id" : "CVE-2025-11082", "title" : "GNU Binutils Linker elf-eh-frame.c _bfd_elf_parse_eh_frame heap-based overflow", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11082" ], "unique" : false }, { "id" : "CVE-2025-11083", "title" : "GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11083" ], "unique" : false }, { "id" : "CVE-2025-5244", "title" : "GNU Binutils ld elflink.c elf_gc_sweep memory corruption", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5244" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-4285", "title" : "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4285" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/binutils@2.35.2-37.el9?arch=x86_64&distro=rhel-9.2&upstream=binutils-2.35.2-37.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-4285", "title" : "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4285" ], "unique" : false }, { "id" : "CVE-2025-11081", "title" : "GNU Binutils objdump.c dump_dwarf_section out-of-bounds", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11081" ], "unique" : false }, { "id" : "CVE-2025-11082", "title" : "GNU Binutils Linker elf-eh-frame.c _bfd_elf_parse_eh_frame heap-based overflow", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11082" ], "unique" : false }, { "id" : "CVE-2025-11083", "title" : "GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11083" ], "unique" : false }, { "id" : "CVE-2025-11413", "title" : "GNU Binutils Linker elflink.c elf_link_add_object_symbols out-of-bounds", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11413" ], "unique" : false }, { "id" : "CVE-2025-5244", "title" : "GNU Binutils ld elflink.c elf_gc_sweep memory corruption", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5244" ], "unique" : false }, { "id" : "CVE-2025-11412", "title" : "GNU Binutils Linker elflink.c bfd_elf_gc_record_vtentry out-of-bounds", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-11412" ], "unique" : false }, { "id" : "CVE-2025-11414", "title" : "GNU Binutils Linker elflink.c get_link_hash_entry out-of-bounds", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-11414" ], "unique" : false }, { "id" : "CVE-2025-11494", "title" : "GNU Binutils Linker elfxx-x86.c _bfd_x86_elf_late_size_sections out-of-bounds", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-11494" ], "unique" : false }, { "id" : "CVE-2025-11495", "title" : "GNU Binutils Linker elf64-x86-64.c elf_x86_64_relocate_section heap-based overflow", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-11495" ], "unique" : false }, { "id" : "CVE-2025-11839", "title" : "GNU Binutils prdbg.c tg_tag_type return value", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-11839" ], "unique" : false }, { "id" : "CVE-2025-11840", "title" : "GNU Binutils ldmisc.c vfinfo out-of-bounds", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-11840" ], "unique" : false }, { "id" : "CVE-2025-66861", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-66861" ], "unique" : false }, { "id" : "CVE-2025-66862", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-66862" ], "unique" : false }, { "id" : "CVE-2025-66863", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-66863" ], "unique" : false }, { "id" : "CVE-2025-66864", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-66864" ], "unique" : false }, { "id" : "CVE-2025-66865", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-66865" ], "unique" : false }, { "id" : "CVE-2025-66866", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-66866" ], "unique" : false }, { "id" : "CVE-2025-69647", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-69647" ], "unique" : false }, { "id" : "CVE-2025-69648", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-69648" ], "unique" : false }, { "id" : "CVE-2025-69649", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-69649" ], "unique" : false }, { "id" : "CVE-2025-69650", "title" : "GNU Binutils thru 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dump_relocations may return early without initializing the all_relocations array. As a result, process_got_section_contents() may pass an uninitialized r_symbol pointer to free(), leading to a double free and terminating the program with SIGABRT. No evidence of exploitable memory corruption or code execution was observed; the impact is limited to denial of service. NOTE: this is disputed by third parties because the observed behavior occurred only in pre-release code and did not affect any tagged version.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-69650" ], "unique" : false }, { "id" : "CVE-2025-69652", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-69652" ], "unique" : false }, { "id" : "CVE-2025-69645", "source" : "redhat-csaf", "cvssScore" : 2.8, "severity" : "LOW", "cves" : [ "CVE-2025-69645" ], "unique" : false }, { "id" : "CVE-2025-69646", "source" : "redhat-csaf", "cvssScore" : 2.8, "severity" : "LOW", "cves" : [ "CVE-2025-69646" ], "unique" : false }, { "id" : "CVE-2025-69651", "title" : "GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations returns early due to parsing errors, the internal all_relocations array may remain partially uninitialized. Later, process_got_section_contents() may attempt to free an invalid r_symbol pointer, triggering memory corruption checks in glibc and causing the program to terminate with SIGABRT. No evidence of further memory corruption or code execution was observed; the impact is limited to denial of service. NOTE: this is disputed by third parties because the observed behavior occurred only in pre-release code and did not affect any tagged version.", "source" : "redhat-csaf", "cvssScore" : 2.8, "severity" : "LOW", "cves" : [ "CVE-2025-69651" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-4285", "title" : "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4285" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64&distro=rhel-9.2&upstream=gdb-10.2-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-3826", "title" : "Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-3826" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-setuptools-53.0.0-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9_2.1.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64&distro=rhel-9.2&upstream=glib2-2.68.4-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false }, { "id" : "CVE-2024-52533", "title" : "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\\0' character.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-52533" ], "unique" : false }, { "id" : "CVE-2023-32611", "title" : "G_variant_byteswap() can take a long time with some non-normal inputs", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32611" ], "unique" : false }, { "id" : "CVE-2023-32665", "title" : "Gvariant deserialisation does not match spec for non-normal data", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32665" ], "unique" : false }, { "id" : "CVE-2025-14512", "title" : "Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14512" ], "unique" : false }, { "id" : "CVE-2023-29499", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29499" ], "unique" : false }, { "id" : "CVE-2025-14087", "title" : "Glib: glib: buffer underflow in gvariant parser leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14087" ], "unique" : false }, { "id" : "CVE-2025-4373", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4373" ], "unique" : false }, { "id" : "CVE-2024-34397", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2024-34397" ], "unique" : false }, { "id" : "CVE-2025-7039", "title" : "Glib: buffer under-read on glib through glib/gfileutils.c via get_tmp_file()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2025-7039" ], "unique" : false }, { "id" : "CVE-2026-0988", "title" : "Glib: glib: denial of service via integer overflow in g_buffered_input_stream_peek()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0988" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64&distro=rhel-9.2&upstream=gnutls-3.7.6-20.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false }, { "id" : "CVE-2024-0567", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0567" ], "unique" : false }, { "id" : "CVE-2025-32988", "title" : "Gnutls: vulnerability in gnutls othername san export", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32988" ], "unique" : false }, { "id" : "CVE-2025-32990", "title" : "Gnutls: vulnerability in gnutls certtool template parsing", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32990" ], "unique" : false }, { "id" : "CVE-2025-6395", "title" : "Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6395" ], "unique" : false }, { "id" : "CVE-2023-5981", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5981" ], "unique" : false }, { "id" : "CVE-2024-12243", "title" : "Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12243" ], "unique" : false }, { "id" : "CVE-2024-28834", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28834" ], "unique" : false }, { "id" : "CVE-2025-14831", "title" : "Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14831" ], "unique" : false }, { "id" : "CVE-2025-32989", "title" : "Gnutls: vulnerability in gnutls sct extension parsing", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32989" ], "unique" : false }, { "id" : "CVE-2024-28835", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28835" ], "unique" : false }, { "id" : "CVE-2025-9820", "title" : "Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9820" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64&distro=rhel-9.2&upstream=nghttp2-1.43.0-5.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libicu@67.1-9.el9?arch=x86_64&distro=rhel-9.2&upstream=icu-67.1-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-5222", "title" : "Icu: stack buffer overflow in the srbroot::addtag function", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-5222" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-5222", "title" : "Icu: stack buffer overflow in the srbroot::addtag function", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-5222" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64&distro=rhel-9.2&upstream=gdb-10.2-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-3826", "title" : "Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-3826" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-3826", "title" : "Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-3826" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-pip-21.2.3-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=openldap-2.6.2-3.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2026-28390", "title" : "Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-28390" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2025-9231", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9231" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2026-28388", "title" : "NULL Pointer Dereference When Processing a Delta CRL", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28388" ], "unique" : false }, { "id" : "CVE-2026-28389", "title" : "Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28389" ], "unique" : false }, { "id" : "CVE-2026-31790", "title" : "Incorrect Failure Handling in RSA KEM RSASVE Encapsulation", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-31790" ], "unique" : false }, { "id" : "CVE-2026-31789", "title" : "Heap Buffer Overflow in Hexadecimal Conversion", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2026-31789" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2026-28386", "title" : "Out-of-bounds Read in AES-CFB-128 on X86-64 with AVX-512 Support", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28386" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false }, { "id" : "CVE-2026-28387", "title" : "Potential Use-after-free in DANE Client Code", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-28387" ], "unique" : false }, { "id" : "CVE-2025-9232", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2025-9232" ], "unique" : false }, { "id" : "CVE-2026-2673", "title" : "OpenSSL TLS 1.3 server may choose unexpected key agreement group", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2026-2673" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64&distro=rhel-9.2&upstream=pam-1.5.1-14.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-6020", "title" : "Linux-pam: linux-pam directory traversal", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-6020" ], "unique" : false }, { "id" : "CVE-2025-8941", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-8941" ], "unique" : false }, { "id" : "CVE-2024-10963", "title" : "Pam: improper hostname interpretation in pam_access leads to access control bypass", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-10963" ], "unique" : false }, { "id" : "CVE-2024-22365", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-22365" ], "unique" : false }, { "id" : "CVE-2024-10041", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-10041" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6020", "title" : "Linux-pam: linux-pam directory traversal", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-6020" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd@252-13.el9_2?arch=x86_64&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2026-29111", "title" : "systemd: Local unprivileged user can trigger an assert", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2026-29111" ], "unique" : false }, { "id" : "CVE-2026-40224", "title" : "In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace.", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-40224" ], "unique" : false }, { "id" : "CVE-2026-4105", "title" : "Systemd: systemd: privilege escalation via improper access control in registermachine d-bus method", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4105" ], "unique" : false }, { "id" : "CVE-2026-40225", "title" : "In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-40225" ], "unique" : false }, { "id" : "CVE-2026-40226", "title" : "In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-40226" ], "unique" : false }, { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2026-40227", "title" : "In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-40227" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false }, { "id" : "CVE-2026-40223", "title" : "In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User=<unset> unit exists and is running.", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-40223" ], "unique" : false }, { "id" : "CVE-2026-40228", "title" : "In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a \"logger -p emerg\" command is executed, if ForwardToWall=yes is set.", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-40228" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-29111", "title" : "systemd: Local unprivileged user can trigger an assert", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2026-29111" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libgcrypt-1.10.0-10.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false }, { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false }, { "id" : "CVE-2026-41990", "title" : "Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-41990" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=openldap-2.6.2-3.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libeconf@0.4.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=libeconf-0.4.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-22652", "title" : "Stack buffer overflow in \"read_file\" function", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22652" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-22652", "title" : "Stack buffer overflow in \"read_file\" function", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22652" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dbus-common@1.12.20-7.el9_1?arch=noarch&distro=rhel-9.2&epoch=1&upstream=dbus-1.12.20-7.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dbus@1.12.20-7.el9_1?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=dbus-1.12.20-7.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libfdisk@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/util-linux-core@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-pam@252-13.el9_2?arch=x86_64&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-rpm-macros@252-13.el9_2?arch=noarch&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64&distro=rhel-9.2&epoch=2&upstream=shadow-utils-4.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false }, { "id" : "CVE-2024-56433", "title" : "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "source" : "redhat-csaf", "cvssScore" : 3.6, "severity" : "LOW", "cves" : [ "CVE-2024-56433" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64&distro=rhel-9.2&upstream=python-ethtool-0.15-2.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-setuptools-53.0.0-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2026-5713", "title" : "Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5713" ], "unique" : false }, { "id" : "CVE-2025-13837", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13837" ], "unique" : false }, { "id" : "CVE-2026-4224", "title" : "Stack overflow parsing XML with deeply nested DTD content models", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4224" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2026-3644", "title" : "Incomplete control character validation in http.cookies", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3644" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2025-12781", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-12781" ], "unique" : false }, { "id" : "CVE-2026-3446", "title" : "Base64 decoding stops at first padded quad by default", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3446" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2025-15282", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15282" ], "unique" : false }, { "id" : "CVE-2025-11468", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11468" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2026-1502", "title" : "HTTP client proxy tunnel headers not validated for CR/LF", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1502" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2026-2297", "title" : "SourcelessFileLoader does not use io.open_code()", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-2297" ], "unique" : false }, { "id" : "CVE-2026-3479", "title" : "pkgutil.get_data() does not enforce documented restrictions", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-3479" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false }, { "id" : "CVE-2025-13462", "title" : "tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-13462" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-pip-21.2.3-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch&distro=rhel-9.2&upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libxml2-2.9.13-3.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false }, { "id" : "CVE-2025-49794", "title" : "Libxml: heap use after free (uaf) leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49794" ], "unique" : false }, { "id" : "CVE-2025-49796", "title" : "Libxml: type confusion leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49796" ], "unique" : false }, { "id" : "CVE-2024-56171", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-56171" ], "unique" : false }, { "id" : "CVE-2025-24928", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24928" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2024-25062", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-25062" ], "unique" : false }, { "id" : "CVE-2025-32415", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-32415" ], "unique" : false }, { "id" : "CVE-2025-49795", "title" : "Libxml: null pointer dereference leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49795" ], "unique" : false }, { "id" : "CVE-2025-6021", "title" : "Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6021" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2023-39615", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39615" ], "unique" : false }, { "id" : "CVE-2026-6732", "title" : "Libxml2: libxml2: denial of service via crafted xsd-validated document", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-6732" ], "unique" : false }, { "id" : "CVE-2025-9714", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9714" ], "unique" : false }, { "id" : "CVE-2026-1757", "title" : "Libxml2: memory leak leading to local denial of service in xmllint interactive shell", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1757" ], "unique" : false }, { "id" : "CVE-2022-49043", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49043" ], "unique" : false }, { "id" : "CVE-2023-28484", "title" : "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28484" ], "unique" : false }, { "id" : "CVE-2023-29469", "title" : "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29469" ], "unique" : false }, { "id" : "CVE-2026-0990", "title" : "Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0990" ], "unique" : false }, { "id" : "CVE-2025-32414", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32414" ], "unique" : false }, { "id" : "CVE-2025-26434", "title" : "In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-26434" ], "unique" : false }, { "id" : "CVE-2026-0989", "title" : "Libxml2: unbounded relaxng include recursion leading to stack overflow", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0989" ], "unique" : false }, { "id" : "CVE-2026-0992", "title" : "Libxml2: libxml2: denial of service via crafted xml catalogs", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-0992" ], "unique" : false }, { "id" : "CVE-2025-6170", "title" : "Libxml2: stack buffer overflow in xmllint interactive shell command handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-6170" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-setuptools-53.0.0-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2026-5713", "title" : "Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5713" ], "unique" : false }, { "id" : "CVE-2025-13837", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13837" ], "unique" : false }, { "id" : "CVE-2026-4224", "title" : "Stack overflow parsing XML with deeply nested DTD content models", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4224" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2026-3644", "title" : "Incomplete control character validation in http.cookies", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3644" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2025-12781", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-12781" ], "unique" : false }, { "id" : "CVE-2026-3446", "title" : "Base64 decoding stops at first padded quad by default", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3446" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2025-15282", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15282" ], "unique" : false }, { "id" : "CVE-2025-11468", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11468" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2026-1502", "title" : "HTTP client proxy tunnel headers not validated for CR/LF", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1502" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2026-2297", "title" : "SourcelessFileLoader does not use io.open_code()", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-2297" ], "unique" : false }, { "id" : "CVE-2026-3479", "title" : "pkgutil.get_data() does not enforce documented restrictions", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-3479" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false }, { "id" : "CVE-2025-13462", "title" : "tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-13462" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcomps@0.1.18-1.el9?arch=x86_64&distro=rhel-9.2&upstream=libcomps-0.1.18-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-1312", "source" : "redhat-csaf", "cvssScore" : 8.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1312" ], "unique" : false }, { "id" : "CVE-2026-0980", "title" : "Rubyipmi: red hat satellite: remote code execution in rubyipmi via malicious bmc username", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2026-0980" ], "unique" : false }, { "id" : "CVE-2026-1207", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2026-1207" ], "unique" : false }, { "id" : "CVE-2026-1287", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2026-1287" ], "unique" : false }, { "id" : "CVE-2026-1530", "title" : "Fog-kubevirt: fog-kubevirt: man-in-the-middle vulnerability due to disabled certificate validation", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1530" ], "unique" : false }, { "id" : "CVE-2026-1531", "title" : "Foreman-kubevirt: foreman_kubevirt: man-in-the-middle due to insecure default ssl verification", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1531" ], "unique" : false }, { "id" : "CVE-2026-1961", "title" : "Forman: foreman: remote code execution via command injection in websocket proxy", "source" : "redhat-csaf", "cvssScore" : 8.0, "severity" : "HIGH", "cves" : [ "CVE-2026-1961" ], "unique" : false }, { "id" : "CVE-2021-46877", "title" : "jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-46877" ], "unique" : false }, { "id" : "CVE-2025-14550", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-14550" ], "unique" : false }, { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false }, { "id" : "CVE-2026-1285", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1285" ], "unique" : false }, { "id" : "CVE-2025-68121", "title" : "Unexpected session resumption in crypto/tls", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-68121" ], "unique" : false }, { "id" : "CVE-2024-28863", "title" : "node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28863" ], "unique" : false }, { "id" : "CVE-2026-4324", "title" : "Rubygem-katello: katello: denial of service and potential information disclosure via sql injection", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4324" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-1312", "source" : "redhat-csaf", "cvssScore" : 8.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1312" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libcomps@0.1.18-1.el9?arch=x86_64&distro=rhel-9.2&upstream=libcomps-0.1.18-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-1312", "source" : "redhat-csaf", "cvssScore" : 8.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1312" ], "unique" : false }, { "id" : "CVE-2026-0980", "title" : "Rubyipmi: red hat satellite: remote code execution in rubyipmi via malicious bmc username", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2026-0980" ], "unique" : false }, { "id" : "CVE-2026-1207", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2026-1207" ], "unique" : false }, { "id" : "CVE-2026-1287", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2026-1287" ], "unique" : false }, { "id" : "CVE-2026-1530", "title" : "Fog-kubevirt: fog-kubevirt: man-in-the-middle vulnerability due to disabled certificate validation", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1530" ], "unique" : false }, { "id" : "CVE-2026-1531", "title" : "Foreman-kubevirt: foreman_kubevirt: man-in-the-middle due to insecure default ssl verification", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1531" ], "unique" : false }, { "id" : "CVE-2026-1961", "title" : "Forman: foreman: remote code execution via command injection in websocket proxy", "source" : "redhat-csaf", "cvssScore" : 8.0, "severity" : "HIGH", "cves" : [ "CVE-2026-1961" ], "unique" : false }, { "id" : "CVE-2021-46877", "title" : "jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-46877" ], "unique" : false }, { "id" : "CVE-2025-14550", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-14550" ], "unique" : false }, { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false }, { "id" : "CVE-2026-1285", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1285" ], "unique" : false }, { "id" : "CVE-2025-68121", "title" : "Unexpected session resumption in crypto/tls", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-68121" ], "unique" : false }, { "id" : "CVE-2024-28863", "title" : "node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28863" ], "unique" : false }, { "id" : "CVE-2026-4324", "title" : "Rubygem-katello: katello: denial of service and potential information disclosure via sql injection", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4324" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-1312", "source" : "redhat-csaf", "cvssScore" : 8.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1312" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64&distro=rhel-9.2&upstream=gnupg2-2.3.3-2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2026-24882", "source" : "redhat-csaf", "cvssScore" : 8.4, "severity" : "HIGH", "cves" : [ "CVE-2026-24882" ], "unique" : false }, { "id" : "CVE-2025-68973", "title" : "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-68973" ], "unique" : false }, { "id" : "CVE-2025-68972", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68972" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-24882", "source" : "redhat-csaf", "cvssScore" : 8.4, "severity" : "HIGH", "cves" : [ "CVE-2026-24882" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9_2.1.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27535", "title" : "An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27535" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64&distro=rhel-9.2&upstream=libarchive-3.5.3-4.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-5914", "title" : "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-5914" ], "unique" : false }, { "id" : "CVE-2026-4111", "title" : "Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-4111" ], "unique" : false }, { "id" : "CVE-2026-4424", "title" : "Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-4424" ], "unique" : false }, { "id" : "CVE-2026-5121", "title" : "Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-5121" ], "unique" : false }, { "id" : "CVE-2025-60753", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-60753" ], "unique" : false }, { "id" : "CVE-2024-57970", "title" : "libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-57970" ], "unique" : false }, { "id" : "CVE-2025-25724", "title" : "list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-25724" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-5914", "title" : "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-5914" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64&distro=rhel-9.2&upstream=glib2-2.68.4-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false }, { "id" : "CVE-2024-52533", "title" : "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\\0' character.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-52533" ], "unique" : false }, { "id" : "CVE-2023-32611", "title" : "G_variant_byteswap() can take a long time with some non-normal inputs", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32611" ], "unique" : false }, { "id" : "CVE-2023-32665", "title" : "Gvariant deserialisation does not match spec for non-normal data", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32665" ], "unique" : false }, { "id" : "CVE-2025-14512", "title" : "Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14512" ], "unique" : false }, { "id" : "CVE-2023-29499", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29499" ], "unique" : false }, { "id" : "CVE-2025-14087", "title" : "Glib: glib: buffer underflow in gvariant parser leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14087" ], "unique" : false }, { "id" : "CVE-2025-4373", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4373" ], "unique" : false }, { "id" : "CVE-2024-34397", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2024-34397" ], "unique" : false }, { "id" : "CVE-2025-7039", "title" : "Glib: buffer under-read on glib through glib/gfileutils.c via get_tmp_file()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2025-7039" ], "unique" : false }, { "id" : "CVE-2026-0988", "title" : "Glib: glib: denial of service via integer overflow in g_buffered_input_stream_peek()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0988" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64&distro=rhel-9.2&upstream=nghttp2-1.43.0-5.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64&distro=rhel-9.2&upstream=gnutls-3.7.6-20.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false }, { "id" : "CVE-2024-0567", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0567" ], "unique" : false }, { "id" : "CVE-2025-32988", "title" : "Gnutls: vulnerability in gnutls othername san export", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32988" ], "unique" : false }, { "id" : "CVE-2025-32990", "title" : "Gnutls: vulnerability in gnutls certtool template parsing", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32990" ], "unique" : false }, { "id" : "CVE-2025-6395", "title" : "Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6395" ], "unique" : false }, { "id" : "CVE-2023-5981", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5981" ], "unique" : false }, { "id" : "CVE-2024-12243", "title" : "Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12243" ], "unique" : false }, { "id" : "CVE-2024-28834", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28834" ], "unique" : false }, { "id" : "CVE-2025-14831", "title" : "Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14831" ], "unique" : false }, { "id" : "CVE-2025-32989", "title" : "Gnutls: vulnerability in gnutls sct extension parsing", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32989" ], "unique" : false }, { "id" : "CVE-2024-28835", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28835" ], "unique" : false }, { "id" : "CVE-2025-9820", "title" : "Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9820" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libgcrypt-1.10.0-10.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false }, { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false }, { "id" : "CVE-2026-41990", "title" : "Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-41990" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap-compat@2.6.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=openldap-2.6.2-3.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=openldap-2.6.2-3.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm-sign-libs@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm-libs@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm-build-libs@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-rpm@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/tpm2-tss@3.0.3-8.el9?arch=x86_64&distro=rhel-9.2&upstream=tpm2-tss-3.0.3-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-22745", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22745" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-22745", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22745" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=dbus-1.12.20-7.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgomp@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-pip-21.2.3-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/file-libs@5.39-12.el9?arch=x86_64&distro=rhel-9.2&upstream=file-5.39-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-48554", "title" : "File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48554" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-48554", "title" : "File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48554" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64&distro=rhel-9.2&epoch=2&upstream=shadow-utils-4.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false }, { "id" : "CVE-2024-56433", "title" : "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "source" : "redhat-csaf", "cvssScore" : 3.6, "severity" : "LOW", "cves" : [ "CVE-2024-56433" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch&distro=rhel-9.2&upstream=python-urllib3-1.26.5-3.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-66418", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-66418" ], "unique" : false }, { "id" : "CVE-2025-66471", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-66471" ], "unique" : false }, { "id" : "CVE-2026-21441", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-21441" ], "unique" : false }, { "id" : "CVE-2024-7143", "title" : "Pulpcore: rbac permissions incorrectly assigned in tasks that create objects", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7143" ], "unique" : false }, { "id" : "CVE-2023-43804", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43804" ], "unique" : false }, { "id" : "CVE-2024-37891", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37891" ], "unique" : false }, { "id" : "CVE-2023-45803", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-45803" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-setuptools-53.0.0-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2026-5713", "title" : "Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5713" ], "unique" : false }, { "id" : "CVE-2025-13837", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13837" ], "unique" : false }, { "id" : "CVE-2026-4224", "title" : "Stack overflow parsing XML with deeply nested DTD content models", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4224" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2026-3644", "title" : "Incomplete control character validation in http.cookies", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3644" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2025-12781", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-12781" ], "unique" : false }, { "id" : "CVE-2026-3446", "title" : "Base64 decoding stops at first padded quad by default", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3446" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2025-15282", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15282" ], "unique" : false }, { "id" : "CVE-2025-11468", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11468" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2026-1502", "title" : "HTTP client proxy tunnel headers not validated for CR/LF", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1502" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2026-2297", "title" : "SourcelessFileLoader does not use io.open_code()", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-2297" ], "unique" : false }, { "id" : "CVE-2026-3479", "title" : "pkgutil.get_data() does not enforce documented restrictions", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-3479" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false }, { "id" : "CVE-2025-13462", "title" : "tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-13462" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-idna@2.10-7.el9?arch=noarch&distro=rhel-9.2&upstream=python-idna-2.10-7.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3651", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-3651" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3651", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-3651" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-pip-21.2.3-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64&distro=rhel-9.2&upstream=httpd-2.4.53-11.el9_2.5.src.rpm", "issues" : [ { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false }, { "id" : "CVE-2024-38475", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38475" ], "unique" : false }, { "id" : "CVE-2024-38476", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38476" ], "unique" : false }, { "id" : "CVE-2023-27522", "title" : "Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-27522" ], "unique" : false }, { "id" : "CVE-2023-31122", "title" : "Apache HTTP Server: mod_macro buffer over-read", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-31122" ], "unique" : false }, { "id" : "CVE-2024-38477", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-38477" ], "unique" : false }, { "id" : "CVE-2024-47252", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-47252" ], "unique" : false }, { "id" : "CVE-2025-23048", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23048" ], "unique" : false }, { "id" : "CVE-2025-49812", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49812" ], "unique" : false }, { "id" : "CVE-2024-39573", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-39573" ], "unique" : false }, { "id" : "CVE-2025-58098", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-58098" ], "unique" : false }, { "id" : "CVE-2023-38709", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38709" ], "unique" : false }, { "id" : "CVE-2025-65082", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-65082" ], "unique" : false }, { "id" : "CVE-2025-66200", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66200" ], "unique" : false }, { "id" : "CVE-2024-38473", "title" : "Apache HTTP Server proxy encoding problem", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38473" ], "unique" : false }, { "id" : "CVE-2024-24795", "title" : "Apache HTTP Server: HTTP Response Splitting in multiple modules", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24795" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64&distro=rhel-9.2&upstream=httpd-2.4.53-11.el9_2.5.src.rpm", "issues" : [ { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false }, { "id" : "CVE-2024-38475", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38475" ], "unique" : false }, { "id" : "CVE-2024-38476", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38476" ], "unique" : false }, { "id" : "CVE-2023-27522", "title" : "Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-27522" ], "unique" : false }, { "id" : "CVE-2023-31122", "title" : "Apache HTTP Server: mod_macro buffer over-read", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-31122" ], "unique" : false }, { "id" : "CVE-2024-38477", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-38477" ], "unique" : false }, { "id" : "CVE-2024-47252", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-47252" ], "unique" : false }, { "id" : "CVE-2025-23048", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23048" ], "unique" : false }, { "id" : "CVE-2025-49812", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49812" ], "unique" : false }, { "id" : "CVE-2024-39573", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-39573" ], "unique" : false }, { "id" : "CVE-2025-58098", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-58098" ], "unique" : false }, { "id" : "CVE-2023-38709", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38709" ], "unique" : false }, { "id" : "CVE-2025-65082", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-65082" ], "unique" : false }, { "id" : "CVE-2025-66200", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66200" ], "unique" : false }, { "id" : "CVE-2024-38473", "title" : "Apache HTTP Server proxy encoding problem", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38473" ], "unique" : false }, { "id" : "CVE-2024-24795", "title" : "Apache HTTP Server: HTTP Response Splitting in multiple modules", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24795" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64&distro=rhel-9.2&upstream=httpd-2.4.53-11.el9_2.5.src.rpm", "issues" : [ { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false }, { "id" : "CVE-2024-38475", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38475" ], "unique" : false }, { "id" : "CVE-2024-38476", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38476" ], "unique" : false }, { "id" : "CVE-2023-27522", "title" : "Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-27522" ], "unique" : false }, { "id" : "CVE-2023-31122", "title" : "Apache HTTP Server: mod_macro buffer over-read", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-31122" ], "unique" : false }, { "id" : "CVE-2024-38477", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-38477" ], "unique" : false }, { "id" : "CVE-2024-47252", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-47252" ], "unique" : false }, { "id" : "CVE-2025-23048", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23048" ], "unique" : false }, { "id" : "CVE-2025-49812", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49812" ], "unique" : false }, { "id" : "CVE-2024-39573", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-39573" ], "unique" : false }, { "id" : "CVE-2025-58098", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-58098" ], "unique" : false }, { "id" : "CVE-2023-38709", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38709" ], "unique" : false }, { "id" : "CVE-2025-65082", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-65082" ], "unique" : false }, { "id" : "CVE-2025-66200", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66200" ], "unique" : false }, { "id" : "CVE-2024-38473", "title" : "Apache HTTP Server proxy encoding problem", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38473" ], "unique" : false }, { "id" : "CVE-2024-24795", "title" : "Apache HTTP Server: HTTP Response Splitting in multiple modules", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24795" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch&distro=rhel-9.2&upstream=httpd-2.4.53-11.el9_2.5.src.rpm", "issues" : [ { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false }, { "id" : "CVE-2024-38475", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38475" ], "unique" : false }, { "id" : "CVE-2024-38476", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38476" ], "unique" : false }, { "id" : "CVE-2023-27522", "title" : "Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-27522" ], "unique" : false }, { "id" : "CVE-2023-31122", "title" : "Apache HTTP Server: mod_macro buffer over-read", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-31122" ], "unique" : false }, { "id" : "CVE-2024-38477", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-38477" ], "unique" : false }, { "id" : "CVE-2024-47252", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-47252" ], "unique" : false }, { "id" : "CVE-2025-23048", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23048" ], "unique" : false }, { "id" : "CVE-2025-49812", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49812" ], "unique" : false }, { "id" : "CVE-2025-59775", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-59775" ], "unique" : false }, { "id" : "CVE-2024-39573", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-39573" ], "unique" : false }, { "id" : "CVE-2025-58098", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-58098" ], "unique" : false }, { "id" : "CVE-2023-38709", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38709" ], "unique" : false }, { "id" : "CVE-2025-65082", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-65082" ], "unique" : false }, { "id" : "CVE-2025-66200", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66200" ], "unique" : false }, { "id" : "CVE-2024-38473", "title" : "Apache HTTP Server proxy encoding problem", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38473" ], "unique" : false }, { "id" : "CVE-2024-24795", "title" : "Apache HTTP Server: HTTP Response Splitting in multiple modules", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24795" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/apr@1.7.0-11.el9?arch=x86_64&distro=rhel-9.2&upstream=apr-1.7.0-11.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-24963", "title" : "Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-24963" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-24963", "title" : "Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-24963" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64&distro=rhel-9.2&epoch=2&upstream=shadow-utils-4.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false }, { "id" : "CVE-2024-56433", "title" : "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "source" : "redhat-csaf", "cvssScore" : 3.6, "severity" : "LOW", "cves" : [ "CVE-2024-56433" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64&distro=rhel-9.2&upstream=libpq-13.5-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-1094", "title" : "PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-1094" ], "unique" : false }, { "id" : "CVE-2025-12818", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12818" ], "unique" : false }, { "id" : "CVE-2022-41862", "title" : "In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2022-41862" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libpq@13.5-1.el9?arch=x86_64&distro=rhel-9.2&upstream=libpq-13.5-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-1094", "title" : "PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-1094" ], "unique" : false }, { "id" : "CVE-2025-12818", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12818" ], "unique" : false }, { "id" : "CVE-2022-41862", "title" : "In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2022-41862" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-1094", "title" : "PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-1094" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap-compat@2.6.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=openldap-2.6.2-3.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=openldap-2.6.2-3.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64&distro=rhel-9.2&upstream=sscg-3.0.0-7.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false }, { "id" : "CVE-2026-40355", "title" : "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-40355" ], "unique" : false }, { "id" : "CVE-2026-40356", "title" : "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-40356" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch&distro=rhel-9.2&upstream=python-inotify-0.9.6-25.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-setuptools-53.0.0-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-setuptools-53.0.0-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2026-5713", "title" : "Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5713" ], "unique" : false }, { "id" : "CVE-2025-13837", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13837" ], "unique" : false }, { "id" : "CVE-2026-4224", "title" : "Stack overflow parsing XML with deeply nested DTD content models", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4224" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2026-3644", "title" : "Incomplete control character validation in http.cookies", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3644" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2025-12781", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-12781" ], "unique" : false }, { "id" : "CVE-2026-3446", "title" : "Base64 decoding stops at first padded quad by default", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3446" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2025-15282", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15282" ], "unique" : false }, { "id" : "CVE-2025-11468", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11468" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2026-1502", "title" : "HTTP client proxy tunnel headers not validated for CR/LF", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1502" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2026-2297", "title" : "SourcelessFileLoader does not use io.open_code()", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-2297" ], "unique" : false }, { "id" : "CVE-2026-3479", "title" : "pkgutil.get_data() does not enforce documented restrictions", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-3479" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false }, { "id" : "CVE-2025-13462", "title" : "tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-13462" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-pip-21.2.3-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64&distro=rhel-9.2&upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-3899", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-3899" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libxml2-2.9.13-3.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false }, { "id" : "CVE-2025-49794", "title" : "Libxml: heap use after free (uaf) leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49794" ], "unique" : false }, { "id" : "CVE-2025-49796", "title" : "Libxml: type confusion leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49796" ], "unique" : false }, { "id" : "CVE-2024-56171", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-56171" ], "unique" : false }, { "id" : "CVE-2025-24928", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24928" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2024-25062", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-25062" ], "unique" : false }, { "id" : "CVE-2025-32415", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-32415" ], "unique" : false }, { "id" : "CVE-2025-49795", "title" : "Libxml: null pointer dereference leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49795" ], "unique" : false }, { "id" : "CVE-2025-6021", "title" : "Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6021" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2023-39615", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39615" ], "unique" : false }, { "id" : "CVE-2026-6732", "title" : "Libxml2: libxml2: denial of service via crafted xsd-validated document", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-6732" ], "unique" : false }, { "id" : "CVE-2025-9714", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9714" ], "unique" : false }, { "id" : "CVE-2026-1757", "title" : "Libxml2: memory leak leading to local denial of service in xmllint interactive shell", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1757" ], "unique" : false }, { "id" : "CVE-2022-49043", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49043" ], "unique" : false }, { "id" : "CVE-2023-28484", "title" : "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28484" ], "unique" : false }, { "id" : "CVE-2023-29469", "title" : "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29469" ], "unique" : false }, { "id" : "CVE-2026-0990", "title" : "Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0990" ], "unique" : false }, { "id" : "CVE-2025-32414", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32414" ], "unique" : false }, { "id" : "CVE-2025-26434", "title" : "In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-26434" ], "unique" : false }, { "id" : "CVE-2026-0989", "title" : "Libxml2: unbounded relaxng include recursion leading to stack overflow", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0989" ], "unique" : false }, { "id" : "CVE-2026-0992", "title" : "Libxml2: libxml2: denial of service via crafted xml catalogs", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-0992" ], "unique" : false }, { "id" : "CVE-2025-6170", "title" : "Libxml2: stack buffer overflow in xmllint interactive shell command handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-6170" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-setuptools-53.0.0-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2026-5713", "title" : "Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5713" ], "unique" : false }, { "id" : "CVE-2025-13837", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13837" ], "unique" : false }, { "id" : "CVE-2026-4224", "title" : "Stack overflow parsing XML with deeply nested DTD content models", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4224" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2026-3644", "title" : "Incomplete control character validation in http.cookies", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3644" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2025-12781", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-12781" ], "unique" : false }, { "id" : "CVE-2026-3446", "title" : "Base64 decoding stops at first padded quad by default", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3446" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2025-15282", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15282" ], "unique" : false }, { "id" : "CVE-2025-11468", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11468" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2026-1502", "title" : "HTTP client proxy tunnel headers not validated for CR/LF", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1502" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2026-2297", "title" : "SourcelessFileLoader does not use io.open_code()", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-2297" ], "unique" : false }, { "id" : "CVE-2026-3479", "title" : "pkgutil.get_data() does not enforce documented restrictions", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-3479" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false }, { "id" : "CVE-2025-13462", "title" : "tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-13462" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcomps@0.1.18-1.el9?arch=x86_64&distro=rhel-9.2&upstream=libcomps-0.1.18-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-1312", "source" : "redhat-csaf", "cvssScore" : 8.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1312" ], "unique" : false }, { "id" : "CVE-2026-0980", "title" : "Rubyipmi: red hat satellite: remote code execution in rubyipmi via malicious bmc username", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2026-0980" ], "unique" : false }, { "id" : "CVE-2026-1207", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2026-1207" ], "unique" : false }, { "id" : "CVE-2026-1287", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2026-1287" ], "unique" : false }, { "id" : "CVE-2026-1530", "title" : "Fog-kubevirt: fog-kubevirt: man-in-the-middle vulnerability due to disabled certificate validation", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1530" ], "unique" : false }, { "id" : "CVE-2026-1531", "title" : "Foreman-kubevirt: foreman_kubevirt: man-in-the-middle due to insecure default ssl verification", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1531" ], "unique" : false }, { "id" : "CVE-2026-1961", "title" : "Forman: foreman: remote code execution via command injection in websocket proxy", "source" : "redhat-csaf", "cvssScore" : 8.0, "severity" : "HIGH", "cves" : [ "CVE-2026-1961" ], "unique" : false }, { "id" : "CVE-2021-46877", "title" : "jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-46877" ], "unique" : false }, { "id" : "CVE-2025-14550", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-14550" ], "unique" : false }, { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false }, { "id" : "CVE-2026-1285", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1285" ], "unique" : false }, { "id" : "CVE-2025-68121", "title" : "Unexpected session resumption in crypto/tls", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-68121" ], "unique" : false }, { "id" : "CVE-2024-28863", "title" : "node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28863" ], "unique" : false }, { "id" : "CVE-2026-4324", "title" : "Rubygem-katello: katello: denial of service and potential information disclosure via sql injection", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4324" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-1312", "source" : "redhat-csaf", "cvssScore" : 8.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1312" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libcomps@0.1.18-1.el9?arch=x86_64&distro=rhel-9.2&upstream=libcomps-0.1.18-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-1312", "source" : "redhat-csaf", "cvssScore" : 8.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1312" ], "unique" : false }, { "id" : "CVE-2026-0980", "title" : "Rubyipmi: red hat satellite: remote code execution in rubyipmi via malicious bmc username", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2026-0980" ], "unique" : false }, { "id" : "CVE-2026-1207", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2026-1207" ], "unique" : false }, { "id" : "CVE-2026-1287", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2026-1287" ], "unique" : false }, { "id" : "CVE-2026-1530", "title" : "Fog-kubevirt: fog-kubevirt: man-in-the-middle vulnerability due to disabled certificate validation", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1530" ], "unique" : false }, { "id" : "CVE-2026-1531", "title" : "Foreman-kubevirt: foreman_kubevirt: man-in-the-middle due to insecure default ssl verification", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1531" ], "unique" : false }, { "id" : "CVE-2026-1961", "title" : "Forman: foreman: remote code execution via command injection in websocket proxy", "source" : "redhat-csaf", "cvssScore" : 8.0, "severity" : "HIGH", "cves" : [ "CVE-2026-1961" ], "unique" : false }, { "id" : "CVE-2021-46877", "title" : "jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-46877" ], "unique" : false }, { "id" : "CVE-2025-14550", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-14550" ], "unique" : false }, { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false }, { "id" : "CVE-2026-1285", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1285" ], "unique" : false }, { "id" : "CVE-2025-68121", "title" : "Unexpected session resumption in crypto/tls", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-68121" ], "unique" : false }, { "id" : "CVE-2024-28863", "title" : "node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28863" ], "unique" : false }, { "id" : "CVE-2026-4324", "title" : "Rubygem-katello: katello: denial of service and potential information disclosure via sql injection", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4324" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-1312", "source" : "redhat-csaf", "cvssScore" : 8.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1312" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64&distro=rhel-9.2&upstream=gnupg2-2.3.3-2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2026-24882", "source" : "redhat-csaf", "cvssScore" : 8.4, "severity" : "HIGH", "cves" : [ "CVE-2026-24882" ], "unique" : false }, { "id" : "CVE-2025-68973", "title" : "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-68973" ], "unique" : false }, { "id" : "CVE-2025-68972", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68972" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-24882", "source" : "redhat-csaf", "cvssScore" : 8.4, "severity" : "HIGH", "cves" : [ "CVE-2026-24882" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9_2.1.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27535", "title" : "An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27535" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64&distro=rhel-9.2&upstream=libarchive-3.5.3-4.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-5914", "title" : "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-5914" ], "unique" : false }, { "id" : "CVE-2026-4111", "title" : "Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-4111" ], "unique" : false }, { "id" : "CVE-2026-4424", "title" : "Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-4424" ], "unique" : false }, { "id" : "CVE-2026-5121", "title" : "Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-5121" ], "unique" : false }, { "id" : "CVE-2025-60753", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-60753" ], "unique" : false }, { "id" : "CVE-2024-57970", "title" : "libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-57970" ], "unique" : false }, { "id" : "CVE-2025-25724", "title" : "list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-25724" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-5914", "title" : "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-5914" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64&distro=rhel-9.2&upstream=glib2-2.68.4-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false }, { "id" : "CVE-2024-52533", "title" : "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\\0' character.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-52533" ], "unique" : false }, { "id" : "CVE-2023-32611", "title" : "G_variant_byteswap() can take a long time with some non-normal inputs", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32611" ], "unique" : false }, { "id" : "CVE-2023-32665", "title" : "Gvariant deserialisation does not match spec for non-normal data", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32665" ], "unique" : false }, { "id" : "CVE-2025-14512", "title" : "Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14512" ], "unique" : false }, { "id" : "CVE-2023-29499", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29499" ], "unique" : false }, { "id" : "CVE-2025-14087", "title" : "Glib: glib: buffer underflow in gvariant parser leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14087" ], "unique" : false }, { "id" : "CVE-2025-4373", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4373" ], "unique" : false }, { "id" : "CVE-2024-34397", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2024-34397" ], "unique" : false }, { "id" : "CVE-2025-7039", "title" : "Glib: buffer under-read on glib through glib/gfileutils.c via get_tmp_file()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2025-7039" ], "unique" : false }, { "id" : "CVE-2026-0988", "title" : "Glib: glib: denial of service via integer overflow in g_buffered_input_stream_peek()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0988" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64&distro=rhel-9.2&upstream=nghttp2-1.43.0-5.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64&distro=rhel-9.2&upstream=gnutls-3.7.6-20.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false }, { "id" : "CVE-2024-0567", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0567" ], "unique" : false }, { "id" : "CVE-2025-32988", "title" : "Gnutls: vulnerability in gnutls othername san export", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32988" ], "unique" : false }, { "id" : "CVE-2025-32990", "title" : "Gnutls: vulnerability in gnutls certtool template parsing", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32990" ], "unique" : false }, { "id" : "CVE-2025-6395", "title" : "Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6395" ], "unique" : false }, { "id" : "CVE-2023-5981", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5981" ], "unique" : false }, { "id" : "CVE-2024-12243", "title" : "Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12243" ], "unique" : false }, { "id" : "CVE-2024-28834", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28834" ], "unique" : false }, { "id" : "CVE-2025-14831", "title" : "Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14831" ], "unique" : false }, { "id" : "CVE-2025-32989", "title" : "Gnutls: vulnerability in gnutls sct extension parsing", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32989" ], "unique" : false }, { "id" : "CVE-2024-28835", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28835" ], "unique" : false }, { "id" : "CVE-2025-9820", "title" : "Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9820" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libgcrypt-1.10.0-10.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false }, { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false }, { "id" : "CVE-2026-41990", "title" : "Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-41990" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap-compat@2.6.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=openldap-2.6.2-3.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=openldap-2.6.2-3.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm-sign-libs@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm-libs@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm-build-libs@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-rpm@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/tpm2-tss@3.0.3-8.el9?arch=x86_64&distro=rhel-9.2&upstream=tpm2-tss-3.0.3-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-22745", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22745" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-22745", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22745" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgomp@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-pip-21.2.3-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/file-libs@5.39-12.el9?arch=x86_64&distro=rhel-9.2&upstream=file-5.39-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-48554", "title" : "File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48554" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-48554", "title" : "File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48554" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64&distro=rhel-9.2&epoch=2&upstream=shadow-utils-4.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false }, { "id" : "CVE-2024-56433", "title" : "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "source" : "redhat-csaf", "cvssScore" : 3.6, "severity" : "LOW", "cves" : [ "CVE-2024-56433" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9_2.1.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9_2.1.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64&distro=rhel-9.2&upstream=nghttp2-1.43.0-5.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64&distro=rhel-9.2&upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-3899", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-3899" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2026-28390", "title" : "Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-28390" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2025-9231", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9231" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2026-28388", "title" : "NULL Pointer Dereference When Processing a Delta CRL", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28388" ], "unique" : false }, { "id" : "CVE-2026-28389", "title" : "Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28389" ], "unique" : false }, { "id" : "CVE-2026-31790", "title" : "Incorrect Failure Handling in RSA KEM RSASVE Encapsulation", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-31790" ], "unique" : false }, { "id" : "CVE-2026-31789", "title" : "Heap Buffer Overflow in Hexadecimal Conversion", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2026-31789" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2026-28386", "title" : "Out-of-bounds Read in AES-CFB-128 on X86-64 with AVX-512 Support", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28386" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false }, { "id" : "CVE-2026-28387", "title" : "Potential Use-after-free in DANE Client Code", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-28387" ], "unique" : false }, { "id" : "CVE-2025-9232", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2025-9232" ], "unique" : false }, { "id" : "CVE-2026-2673", "title" : "OpenSSL TLS 1.3 server may choose unexpected key agreement group", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2026-2673" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libxml2-2.9.13-3.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false }, { "id" : "CVE-2025-49794", "title" : "Libxml: heap use after free (uaf) leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49794" ], "unique" : false }, { "id" : "CVE-2025-49796", "title" : "Libxml: type confusion leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49796" ], "unique" : false }, { "id" : "CVE-2024-56171", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-56171" ], "unique" : false }, { "id" : "CVE-2025-24928", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24928" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2024-25062", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-25062" ], "unique" : false }, { "id" : "CVE-2025-32415", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-32415" ], "unique" : false }, { "id" : "CVE-2025-49795", "title" : "Libxml: null pointer dereference leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49795" ], "unique" : false }, { "id" : "CVE-2025-6021", "title" : "Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6021" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2023-39615", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39615" ], "unique" : false }, { "id" : "CVE-2026-6732", "title" : "Libxml2: libxml2: denial of service via crafted xsd-validated document", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-6732" ], "unique" : false }, { "id" : "CVE-2025-9714", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9714" ], "unique" : false }, { "id" : "CVE-2026-1757", "title" : "Libxml2: memory leak leading to local denial of service in xmllint interactive shell", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1757" ], "unique" : false }, { "id" : "CVE-2022-49043", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49043" ], "unique" : false }, { "id" : "CVE-2023-28484", "title" : "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28484" ], "unique" : false }, { "id" : "CVE-2023-29469", "title" : "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29469" ], "unique" : false }, { "id" : "CVE-2026-0990", "title" : "Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0990" ], "unique" : false }, { "id" : "CVE-2025-32414", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32414" ], "unique" : false }, { "id" : "CVE-2025-26434", "title" : "In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-26434" ], "unique" : false }, { "id" : "CVE-2026-0989", "title" : "Libxml2: unbounded relaxng include recursion leading to stack overflow", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0989" ], "unique" : false }, { "id" : "CVE-2026-0992", "title" : "Libxml2: libxml2: denial of service via crafted xml catalogs", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-0992" ], "unique" : false }, { "id" : "CVE-2025-6170", "title" : "Libxml2: stack buffer overflow in xmllint interactive shell command handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-6170" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-setuptools-53.0.0-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-setuptools-53.0.0-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2026-5713", "title" : "Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5713" ], "unique" : false }, { "id" : "CVE-2025-13837", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13837" ], "unique" : false }, { "id" : "CVE-2026-4224", "title" : "Stack overflow parsing XML with deeply nested DTD content models", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4224" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2026-3644", "title" : "Incomplete control character validation in http.cookies", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3644" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2025-12781", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-12781" ], "unique" : false }, { "id" : "CVE-2026-3446", "title" : "Base64 decoding stops at first padded quad by default", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3446" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2025-15282", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15282" ], "unique" : false }, { "id" : "CVE-2025-11468", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11468" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2026-1502", "title" : "HTTP client proxy tunnel headers not validated for CR/LF", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1502" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2026-2297", "title" : "SourcelessFileLoader does not use io.open_code()", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-2297" ], "unique" : false }, { "id" : "CVE-2026-3479", "title" : "pkgutil.get_data() does not enforce documented restrictions", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-3479" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false }, { "id" : "CVE-2025-13462", "title" : "tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-13462" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcomps@0.1.18-1.el9?arch=x86_64&distro=rhel-9.2&upstream=libcomps-0.1.18-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-1312", "source" : "redhat-csaf", "cvssScore" : 8.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1312" ], "unique" : false }, { "id" : "CVE-2026-0980", "title" : "Rubyipmi: red hat satellite: remote code execution in rubyipmi via malicious bmc username", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2026-0980" ], "unique" : false }, { "id" : "CVE-2026-1207", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2026-1207" ], "unique" : false }, { "id" : "CVE-2026-1287", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2026-1287" ], "unique" : false }, { "id" : "CVE-2026-1530", "title" : "Fog-kubevirt: fog-kubevirt: man-in-the-middle vulnerability due to disabled certificate validation", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1530" ], "unique" : false }, { "id" : "CVE-2026-1531", "title" : "Foreman-kubevirt: foreman_kubevirt: man-in-the-middle due to insecure default ssl verification", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1531" ], "unique" : false }, { "id" : "CVE-2026-1961", "title" : "Forman: foreman: remote code execution via command injection in websocket proxy", "source" : "redhat-csaf", "cvssScore" : 8.0, "severity" : "HIGH", "cves" : [ "CVE-2026-1961" ], "unique" : false }, { "id" : "CVE-2021-46877", "title" : "jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-46877" ], "unique" : false }, { "id" : "CVE-2025-14550", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-14550" ], "unique" : false }, { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false }, { "id" : "CVE-2026-1285", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1285" ], "unique" : false }, { "id" : "CVE-2025-68121", "title" : "Unexpected session resumption in crypto/tls", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-68121" ], "unique" : false }, { "id" : "CVE-2024-28863", "title" : "node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28863" ], "unique" : false }, { "id" : "CVE-2026-4324", "title" : "Rubygem-katello: katello: denial of service and potential information disclosure via sql injection", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4324" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-1312", "source" : "redhat-csaf", "cvssScore" : 8.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1312" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libcomps@0.1.18-1.el9?arch=x86_64&distro=rhel-9.2&upstream=libcomps-0.1.18-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-1312", "source" : "redhat-csaf", "cvssScore" : 8.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1312" ], "unique" : false }, { "id" : "CVE-2026-0980", "title" : "Rubyipmi: red hat satellite: remote code execution in rubyipmi via malicious bmc username", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2026-0980" ], "unique" : false }, { "id" : "CVE-2026-1207", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2026-1207" ], "unique" : false }, { "id" : "CVE-2026-1287", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2026-1287" ], "unique" : false }, { "id" : "CVE-2026-1530", "title" : "Fog-kubevirt: fog-kubevirt: man-in-the-middle vulnerability due to disabled certificate validation", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1530" ], "unique" : false }, { "id" : "CVE-2026-1531", "title" : "Foreman-kubevirt: foreman_kubevirt: man-in-the-middle due to insecure default ssl verification", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1531" ], "unique" : false }, { "id" : "CVE-2026-1961", "title" : "Forman: foreman: remote code execution via command injection in websocket proxy", "source" : "redhat-csaf", "cvssScore" : 8.0, "severity" : "HIGH", "cves" : [ "CVE-2026-1961" ], "unique" : false }, { "id" : "CVE-2021-46877", "title" : "jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-46877" ], "unique" : false }, { "id" : "CVE-2025-14550", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-14550" ], "unique" : false }, { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false }, { "id" : "CVE-2026-1285", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1285" ], "unique" : false }, { "id" : "CVE-2025-68121", "title" : "Unexpected session resumption in crypto/tls", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-68121" ], "unique" : false }, { "id" : "CVE-2024-28863", "title" : "node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28863" ], "unique" : false }, { "id" : "CVE-2026-4324", "title" : "Rubygem-katello: katello: denial of service and potential information disclosure via sql injection", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4324" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-1312", "source" : "redhat-csaf", "cvssScore" : 8.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1312" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64&distro=rhel-9.2&upstream=gnupg2-2.3.3-2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2026-24882", "source" : "redhat-csaf", "cvssScore" : 8.4, "severity" : "HIGH", "cves" : [ "CVE-2026-24882" ], "unique" : false }, { "id" : "CVE-2025-68973", "title" : "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-68973" ], "unique" : false }, { "id" : "CVE-2025-68972", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68972" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-24882", "source" : "redhat-csaf", "cvssScore" : 8.4, "severity" : "HIGH", "cves" : [ "CVE-2026-24882" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9_2.1.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27535", "title" : "An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27535" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64&distro=rhel-9.2&upstream=pam-1.5.1-14.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-6020", "title" : "Linux-pam: linux-pam directory traversal", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-6020" ], "unique" : false }, { "id" : "CVE-2025-8941", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-8941" ], "unique" : false }, { "id" : "CVE-2024-10963", "title" : "Pam: improper hostname interpretation in pam_access leads to access control bypass", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-10963" ], "unique" : false }, { "id" : "CVE-2024-22365", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-22365" ], "unique" : false }, { "id" : "CVE-2024-10041", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-10041" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6020", "title" : "Linux-pam: linux-pam directory traversal", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-6020" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd@252-13.el9_2?arch=x86_64&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2026-29111", "title" : "systemd: Local unprivileged user can trigger an assert", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2026-29111" ], "unique" : false }, { "id" : "CVE-2026-40224", "title" : "In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace.", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-40224" ], "unique" : false }, { "id" : "CVE-2026-4105", "title" : "Systemd: systemd: privilege escalation via improper access control in registermachine d-bus method", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4105" ], "unique" : false }, { "id" : "CVE-2026-40225", "title" : "In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-40225" ], "unique" : false }, { "id" : "CVE-2026-40226", "title" : "In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-40226" ], "unique" : false }, { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2026-40227", "title" : "In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-40227" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false }, { "id" : "CVE-2026-40223", "title" : "In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User=<unset> unit exists and is running.", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-40223" ], "unique" : false }, { "id" : "CVE-2026-40228", "title" : "In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a \"logger -p emerg\" command is executed, if ForwardToWall=yes is set.", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-40228" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-29111", "title" : "systemd: Local unprivileged user can trigger an assert", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2026-29111" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64&distro=rhel-9.2&upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-3899", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-3899" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-3899", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-3899" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-cloud-what@1.29.33.1-1.el9_2?arch=x86_64&distro=rhel-9.2&upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-3899", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-3899" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-3899", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-3899" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64&distro=rhel-9.2&upstream=libarchive-3.5.3-4.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-5914", "title" : "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-5914" ], "unique" : false }, { "id" : "CVE-2026-4111", "title" : "Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-4111" ], "unique" : false }, { "id" : "CVE-2026-4424", "title" : "Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-4424" ], "unique" : false }, { "id" : "CVE-2026-5121", "title" : "Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-5121" ], "unique" : false }, { "id" : "CVE-2025-60753", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-60753" ], "unique" : false }, { "id" : "CVE-2024-57970", "title" : "libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-57970" ], "unique" : false }, { "id" : "CVE-2025-25724", "title" : "list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-25724" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-5914", "title" : "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-5914" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64&distro=rhel-9.2&upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-3899", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-3899" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-3899", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-3899" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64&distro=rhel-9.2&upstream=glib2-2.68.4-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false }, { "id" : "CVE-2024-52533", "title" : "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\\0' character.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-52533" ], "unique" : false }, { "id" : "CVE-2023-32611", "title" : "G_variant_byteswap() can take a long time with some non-normal inputs", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32611" ], "unique" : false }, { "id" : "CVE-2023-32665", "title" : "Gvariant deserialisation does not match spec for non-normal data", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32665" ], "unique" : false }, { "id" : "CVE-2025-14512", "title" : "Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14512" ], "unique" : false }, { "id" : "CVE-2023-29499", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29499" ], "unique" : false }, { "id" : "CVE-2025-14087", "title" : "Glib: glib: buffer underflow in gvariant parser leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14087" ], "unique" : false }, { "id" : "CVE-2025-4373", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4373" ], "unique" : false }, { "id" : "CVE-2024-34397", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2024-34397" ], "unique" : false }, { "id" : "CVE-2025-7039", "title" : "Glib: buffer under-read on glib through glib/gfileutils.c via get_tmp_file()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2025-7039" ], "unique" : false }, { "id" : "CVE-2026-0988", "title" : "Glib: glib: denial of service via integer overflow in g_buffered_input_stream_peek()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0988" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64&distro=rhel-9.2&upstream=nghttp2-1.43.0-5.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64&distro=rhel-9.2&upstream=gnutls-3.7.6-20.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false }, { "id" : "CVE-2024-0567", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0567" ], "unique" : false }, { "id" : "CVE-2025-32988", "title" : "Gnutls: vulnerability in gnutls othername san export", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32988" ], "unique" : false }, { "id" : "CVE-2025-32990", "title" : "Gnutls: vulnerability in gnutls certtool template parsing", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32990" ], "unique" : false }, { "id" : "CVE-2025-6395", "title" : "Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6395" ], "unique" : false }, { "id" : "CVE-2023-5981", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5981" ], "unique" : false }, { "id" : "CVE-2024-12243", "title" : "Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12243" ], "unique" : false }, { "id" : "CVE-2024-28834", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28834" ], "unique" : false }, { "id" : "CVE-2025-14831", "title" : "Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14831" ], "unique" : false }, { "id" : "CVE-2025-32989", "title" : "Gnutls: vulnerability in gnutls sct extension parsing", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32989" ], "unique" : false }, { "id" : "CVE-2024-28835", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28835" ], "unique" : false }, { "id" : "CVE-2025-9820", "title" : "Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9820" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libgcrypt-1.10.0-10.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false }, { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false }, { "id" : "CVE-2026-41990", "title" : "Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-41990" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap-compat@2.6.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=openldap-2.6.2-3.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=openldap-2.6.2-3.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dmidecode@3.3-7.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=dmidecode-3.3-7.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-30630", "title" : "Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. NOTE: Some third parties have indicated the fix in 3.5 does not adequately address the vulnerability. The argument is that the proposed patch prevents dmidecode from writing to an existing file. However, there are multiple attack vectors that would not require overwriting an existing file that would provide the same level of unauthorized privilege escalation (e.g. creating a new file in /etc/cron.hourly).", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-30630" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-30630", "title" : "Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. NOTE: Some third parties have indicated the fix in 3.5 does not adequately address the vulnerability. The argument is that the proposed patch prevents dmidecode from writing to an existing file. However, there are multiple attack vectors that would not require overwriting an existing file that would provide the same level of unauthorized privilege escalation (e.g. creating a new file in /etc/cron.hourly).", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-30630" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libeconf@0.4.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=libeconf-0.4.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-22652", "title" : "Stack buffer overflow in \"read_file\" function", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22652" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-22652", "title" : "Stack buffer overflow in \"read_file\" function", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22652" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm-sign-libs@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm-libs@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm-build-libs@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-rpm@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-decorator-4.4.2-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2727", "title" : "Bypassing policies imposed by the ImagePolicyWebhook admission plugin", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2727" ], "unique" : false }, { "id" : "CVE-2023-2728", "title" : "Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2728" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2727", "title" : "Bypassing policies imposed by the ImagePolicyWebhook admission plugin", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2727" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/tpm2-tss@3.0.3-8.el9?arch=x86_64&distro=rhel-9.2&upstream=tpm2-tss-3.0.3-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-22745", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22745" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-22745", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22745" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=dbus-1.12.20-7.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dbus-common@1.12.20-7.el9_1?arch=noarch&distro=rhel-9.2&epoch=1&upstream=dbus-1.12.20-7.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dbus@1.12.20-7.el9_1?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=dbus-1.12.20-7.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-requests@2.25.1-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-requests-2.25.1-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-32681", "title" : "Unintended leak of Proxy-Authorization header in requests", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32681" ], "unique" : false }, { "id" : "CVE-2024-35195", "title" : "Requests `Session` object does not verify requests after making first request with verify=False", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35195" ], "unique" : false }, { "id" : "CVE-2024-47081", "title" : "Requests vulnerable to .netrc credentials leak via malicious URLs", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-47081" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-32681", "title" : "Unintended leak of Proxy-Authorization header in requests", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32681" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/util-linux-core@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libfdisk@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgomp@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-pam@252-13.el9_2?arch=x86_64&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-rpm-macros@252-13.el9_2?arch=noarch&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-pip-21.2.3-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/file-libs@5.39-12.el9?arch=x86_64&distro=rhel-9.2&upstream=file-5.39-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-48554", "title" : "File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48554" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-48554", "title" : "File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48554" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64&distro=rhel-9.2&epoch=2&upstream=shadow-utils-4.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false }, { "id" : "CVE-2024-56433", "title" : "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "source" : "redhat-csaf", "cvssScore" : 3.6, "severity" : "LOW", "cves" : [ "CVE-2024-56433" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=gd-2.3.2-3.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/libwebp@1.2.0-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libwebp-1.2.0-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-4863", "title" : "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)", "source" : "redhat-csaf", "cvssScore" : 9.6, "severity" : "CRITICAL", "cves" : [ "CVE-2023-4863" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-4863", "title" : "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)", "source" : "redhat-csaf", "cvssScore" : 9.6, "severity" : "CRITICAL", "cves" : [ "CVE-2023-4863" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libxml2-2.9.13-3.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false }, { "id" : "CVE-2025-49794", "title" : "Libxml: heap use after free (uaf) leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49794" ], "unique" : false }, { "id" : "CVE-2025-49796", "title" : "Libxml: type confusion leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49796" ], "unique" : false }, { "id" : "CVE-2024-56171", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-56171" ], "unique" : false }, { "id" : "CVE-2025-24928", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24928" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2024-25062", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-25062" ], "unique" : false }, { "id" : "CVE-2025-32415", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-32415" ], "unique" : false }, { "id" : "CVE-2025-49795", "title" : "Libxml: null pointer dereference leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49795" ], "unique" : false }, { "id" : "CVE-2025-6021", "title" : "Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6021" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2023-39615", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39615" ], "unique" : false }, { "id" : "CVE-2026-6732", "title" : "Libxml2: libxml2: denial of service via crafted xsd-validated document", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-6732" ], "unique" : false }, { "id" : "CVE-2025-9714", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9714" ], "unique" : false }, { "id" : "CVE-2026-1757", "title" : "Libxml2: memory leak leading to local denial of service in xmllint interactive shell", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1757" ], "unique" : false }, { "id" : "CVE-2022-49043", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49043" ], "unique" : false }, { "id" : "CVE-2023-28484", "title" : "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28484" ], "unique" : false }, { "id" : "CVE-2023-29469", "title" : "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29469" ], "unique" : false }, { "id" : "CVE-2026-0990", "title" : "Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0990" ], "unique" : false }, { "id" : "CVE-2025-32414", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32414" ], "unique" : false }, { "id" : "CVE-2025-26434", "title" : "In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-26434" ], "unique" : false }, { "id" : "CVE-2026-0989", "title" : "Libxml2: unbounded relaxng include recursion leading to stack overflow", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0989" ], "unique" : false }, { "id" : "CVE-2026-0992", "title" : "Libxml2: libxml2: denial of service via crafted xml catalogs", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-0992" ], "unique" : false }, { "id" : "CVE-2025-6170", "title" : "Libxml2: stack buffer overflow in xmllint interactive shell command handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-6170" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/graphite2@1.3.14-9.el9?arch=x86_64&distro=rhel-9.2&upstream=graphite2-1.3.14-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2017-5436", "title" : "An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2017-5436" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2017-5436", "title" : "An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2017-5436" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtiff@4.4.0-7.el9?arch=x86_64&distro=rhel-9.2&upstream=libtiff-4.4.0-7.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-9900", "title" : "Libtiff: libtiff write-what-where", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2025-9900" ], "unique" : false }, { "id" : "CVE-2025-8176", "title" : "LibTIFF tiffmedian.c get_histogram use after free", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-8176" ], "unique" : false }, { "id" : "CVE-2026-4775", "title" : "Libtiff: libtiff: arbitrary code execution or denial of service via signed integer overflow in tiff file processing", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2026-4775" ], "unique" : false }, { "id" : "CVE-2017-17095", "title" : "tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2017-17095" ], "unique" : false }, { "id" : "CVE-2023-52355", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52355" ], "unique" : false }, { "id" : "CVE-2023-52356", "title" : "Libtiff: segment fault in libtiff in tiffreadrgbatileext() leading to denial of service", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52356" ], "unique" : false }, { "id" : "CVE-2024-7006", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-7006" ], "unique" : false }, { "id" : "CVE-2022-40090", "title" : "An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-40090" ], "unique" : false }, { "id" : "CVE-2023-3618", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3618" ], "unique" : false }, { "id" : "CVE-2023-40745", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-40745" ], "unique" : false }, { "id" : "CVE-2023-41175", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-41175" ], "unique" : false }, { "id" : "CVE-2023-0795", "title" : "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0795" ], "unique" : false }, { "id" : "CVE-2023-0796", "title" : "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0796" ], "unique" : false }, { "id" : "CVE-2023-0797", "title" : "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0797" ], "unique" : false }, { "id" : "CVE-2023-0798", "title" : "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0798" ], "unique" : false }, { "id" : "CVE-2023-0800", "title" : "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0800" ], "unique" : false }, { "id" : "CVE-2023-0801", "title" : "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0801" ], "unique" : false }, { "id" : "CVE-2023-0802", "title" : "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0802" ], "unique" : false }, { "id" : "CVE-2023-0803", "title" : "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0803" ], "unique" : false }, { "id" : "CVE-2023-0804", "title" : "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0804" ], "unique" : false }, { "id" : "CVE-2022-48281", "title" : "processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., \"WRITE of size 307203\") via a crafted TIFF image.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48281" ], "unique" : false }, { "id" : "CVE-2023-0799", "title" : "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0799" ], "unique" : false }, { "id" : "CVE-2023-26965", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-26965" ], "unique" : false }, { "id" : "CVE-2023-26966", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-26966" ], "unique" : false }, { "id" : "CVE-2023-2731", "title" : "A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2731" ], "unique" : false }, { "id" : "CVE-2023-3316", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3316" ], "unique" : false }, { "id" : "CVE-2023-3576", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3576" ], "unique" : false }, { "id" : "CVE-2025-61143", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-61143" ], "unique" : false }, { "id" : "CVE-2025-61144", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-61144" ], "unique" : false }, { "id" : "CVE-2025-61145", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-61145" ], "unique" : false }, { "id" : "CVE-2023-6228", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-6228" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-9900", "title" : "Libtiff: libtiff write-what-where", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2025-9900" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/freetype@2.10.4-9.el9?arch=x86_64&distro=rhel-9.2&upstream=freetype-2.10.4-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-27363", "title" : "An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-27363" ], "unique" : false }, { "id" : "CVE-2026-23865", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-23865" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-27363", "title" : "An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-27363" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libX11-common@1.7.0-7.el9?arch=noarch&distro=rhel-9.2&upstream=libX11-1.7.0-7.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false }, { "id" : "CVE-2023-3138", "title" : "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-3138" ], "unique" : false }, { "id" : "CVE-2023-43785", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43785" ], "unique" : false }, { "id" : "CVE-2023-43786", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43786" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libX11@1.7.0-7.el9?arch=x86_64&distro=rhel-9.2&upstream=libX11-1.7.0-7.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false }, { "id" : "CVE-2023-3138", "title" : "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-3138" ], "unique" : false }, { "id" : "CVE-2023-43785", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43785" ], "unique" : false }, { "id" : "CVE-2023-43786", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43786" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64&distro=rhel-9.2&upstream=glib2-2.68.4-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false }, { "id" : "CVE-2024-52533", "title" : "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\\0' character.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-52533" ], "unique" : false }, { "id" : "CVE-2023-32611", "title" : "G_variant_byteswap() can take a long time with some non-normal inputs", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32611" ], "unique" : false }, { "id" : "CVE-2023-32665", "title" : "Gvariant deserialisation does not match spec for non-normal data", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32665" ], "unique" : false }, { "id" : "CVE-2025-14512", "title" : "Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14512" ], "unique" : false }, { "id" : "CVE-2023-29499", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29499" ], "unique" : false }, { "id" : "CVE-2025-14087", "title" : "Glib: glib: buffer underflow in gvariant parser leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14087" ], "unique" : false }, { "id" : "CVE-2025-4373", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4373" ], "unique" : false }, { "id" : "CVE-2024-34397", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2024-34397" ], "unique" : false }, { "id" : "CVE-2025-7039", "title" : "Glib: buffer under-read on glib through glib/gfileutils.c via get_tmp_file()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2025-7039" ], "unique" : false }, { "id" : "CVE-2026-0988", "title" : "Glib: glib: denial of service via integer overflow in g_buffered_input_stream_peek()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0988" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libpng@1.6.37-12.el9?arch=x86_64&distro=rhel-9.2&epoch=2&upstream=libpng-1.6.37-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-33636", "title" : "LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2026-33636" ], "unique" : false }, { "id" : "CVE-2026-33416", "title" : "LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-33416" ], "unique" : false }, { "id" : "CVE-2025-64720", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-64720" ], "unique" : false }, { "id" : "CVE-2025-65018", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-65018" ], "unique" : false }, { "id" : "CVE-2025-66293", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-66293" ], "unique" : false }, { "id" : "CVE-2026-25646", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2026-25646" ], "unique" : false }, { "id" : "CVE-2026-22801", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22801" ], "unique" : false }, { "id" : "CVE-2025-28162", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-28162" ], "unique" : false }, { "id" : "CVE-2025-64506", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-64506" ], "unique" : false }, { "id" : "CVE-2026-22695", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22695" ], "unique" : false }, { "id" : "CVE-2026-3713", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3713" ], "unique" : false }, { "id" : "CVE-2025-28164", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-28164" ], "unique" : false }, { "id" : "CVE-2025-64505", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-64505" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-33636", "title" : "LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2026-33636" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64&distro=rhel-9.2&upstream=gnutls-3.7.6-20.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false }, { "id" : "CVE-2024-0567", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0567" ], "unique" : false }, { "id" : "CVE-2025-32988", "title" : "Gnutls: vulnerability in gnutls othername san export", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32988" ], "unique" : false }, { "id" : "CVE-2025-32990", "title" : "Gnutls: vulnerability in gnutls certtool template parsing", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32990" ], "unique" : false }, { "id" : "CVE-2025-6395", "title" : "Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6395" ], "unique" : false }, { "id" : "CVE-2023-5981", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5981" ], "unique" : false }, { "id" : "CVE-2024-12243", "title" : "Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12243" ], "unique" : false }, { "id" : "CVE-2024-28834", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28834" ], "unique" : false }, { "id" : "CVE-2025-14831", "title" : "Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14831" ], "unique" : false }, { "id" : "CVE-2025-32989", "title" : "Gnutls: vulnerability in gnutls sct extension parsing", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32989" ], "unique" : false }, { "id" : "CVE-2024-28835", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28835" ], "unique" : false }, { "id" : "CVE-2025-9820", "title" : "Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9820" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libbrotli@1.0.9-6.el9?arch=x86_64&distro=rhel-9.2&upstream=brotli-1.0.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/harfbuzz@2.7.4-8.el9?arch=x86_64&distro=rhel-9.2&upstream=harfbuzz-2.7.4-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-25193", "title" : "hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-25193" ], "unique" : false }, { "id" : "CVE-2026-22693", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22693" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-25193", "title" : "hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-25193" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libjpeg-turbo@2.0.90-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libjpeg-turbo-2.0.90-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2021-29390", "title" : "libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2021-29390" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-29390", "title" : "libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2021-29390" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libXpm@3.5.13-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libXpm-3.5.13-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-43788", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43788" ], "unique" : false }, { "id" : "CVE-2023-43789", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43789" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-43788", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43788" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2023-4863", "title" : "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)", "source" : "redhat-csaf", "cvssScore" : 9.6, "severity" : "CRITICAL", "cves" : [ "CVE-2023-4863" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64&distro=rhel-9.2&upstream=libxslt-1.1.34-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-55549", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2024-55549" ], "unique" : false }, { "id" : "CVE-2025-24855", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24855" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2023-40403", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-40403" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libxml2-2.9.13-3.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false }, { "id" : "CVE-2025-49794", "title" : "Libxml: heap use after free (uaf) leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49794" ], "unique" : false }, { "id" : "CVE-2025-49796", "title" : "Libxml: type confusion leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49796" ], "unique" : false }, { "id" : "CVE-2024-56171", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-56171" ], "unique" : false }, { "id" : "CVE-2025-24928", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24928" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2024-25062", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-25062" ], "unique" : false }, { "id" : "CVE-2025-32415", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-32415" ], "unique" : false }, { "id" : "CVE-2025-49795", "title" : "Libxml: null pointer dereference leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49795" ], "unique" : false }, { "id" : "CVE-2025-6021", "title" : "Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6021" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2023-39615", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39615" ], "unique" : false }, { "id" : "CVE-2026-6732", "title" : "Libxml2: libxml2: denial of service via crafted xsd-validated document", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-6732" ], "unique" : false }, { "id" : "CVE-2025-9714", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9714" ], "unique" : false }, { "id" : "CVE-2026-1757", "title" : "Libxml2: memory leak leading to local denial of service in xmllint interactive shell", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1757" ], "unique" : false }, { "id" : "CVE-2022-49043", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49043" ], "unique" : false }, { "id" : "CVE-2023-28484", "title" : "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28484" ], "unique" : false }, { "id" : "CVE-2023-29469", "title" : "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29469" ], "unique" : false }, { "id" : "CVE-2026-0990", "title" : "Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0990" ], "unique" : false }, { "id" : "CVE-2025-32414", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32414" ], "unique" : false }, { "id" : "CVE-2025-26434", "title" : "In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-26434" ], "unique" : false }, { "id" : "CVE-2026-0989", "title" : "Libxml2: unbounded relaxng include recursion leading to stack overflow", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0989" ], "unique" : false }, { "id" : "CVE-2026-0992", "title" : "Libxml2: libxml2: denial of service via crafted xml catalogs", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-0992" ], "unique" : false }, { "id" : "CVE-2025-6170", "title" : "Libxml2: stack buffer overflow in xmllint interactive shell command handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-6170" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libxml2-2.9.13-3.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false }, { "id" : "CVE-2025-49794", "title" : "Libxml: heap use after free (uaf) leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49794" ], "unique" : false }, { "id" : "CVE-2025-49796", "title" : "Libxml: type confusion leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49796" ], "unique" : false }, { "id" : "CVE-2024-56171", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-56171" ], "unique" : false }, { "id" : "CVE-2025-24928", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24928" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2024-25062", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-25062" ], "unique" : false }, { "id" : "CVE-2025-32415", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-32415" ], "unique" : false }, { "id" : "CVE-2025-49795", "title" : "Libxml: null pointer dereference leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49795" ], "unique" : false }, { "id" : "CVE-2025-6021", "title" : "Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6021" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2023-39615", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39615" ], "unique" : false }, { "id" : "CVE-2025-9714", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9714" ], "unique" : false }, { "id" : "CVE-2022-49043", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49043" ], "unique" : false }, { "id" : "CVE-2023-28484", "title" : "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28484" ], "unique" : false }, { "id" : "CVE-2023-29469", "title" : "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29469" ], "unique" : false }, { "id" : "CVE-2025-32414", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32414" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libxslt@1.1.34-9.el9?arch=x86_64&distro=rhel-9.2&upstream=libxslt-1.1.34-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-55549", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2024-55549" ], "unique" : false }, { "id" : "CVE-2025-24855", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24855" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2023-40403", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-40403" ], "unique" : false }, { "id" : "CVE-2025-10911", "title" : "Libxslt: use-after-free with key data stored cross-rvt", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-10911" ], "unique" : false }, { "id" : "CVE-2025-11731", "title" : "Libxslt: type confusion in exsltfuncresultcompfunction of libxslt", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2025-11731" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-55549", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2024-55549" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-devel@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch&distro=rhel-9.2&upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch&distro=rhel-9.2&upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch&distro=rhel-9.2&upstream=perl-constant-1.33-461.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=perl-Storable-3.21-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xml-common@0.6.3-58.el9?arch=noarch&distro=rhel-9.2&upstream=sgml-common-0.6.3-58.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libxml2-2.9.13-3.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false }, { "id" : "CVE-2025-49794", "title" : "Libxml: heap use after free (uaf) leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49794" ], "unique" : false }, { "id" : "CVE-2025-49796", "title" : "Libxml: type confusion leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49796" ], "unique" : false }, { "id" : "CVE-2024-56171", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-56171" ], "unique" : false }, { "id" : "CVE-2025-24928", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24928" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2024-25062", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-25062" ], "unique" : false }, { "id" : "CVE-2025-32415", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-32415" ], "unique" : false }, { "id" : "CVE-2025-49795", "title" : "Libxml: null pointer dereference leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49795" ], "unique" : false }, { "id" : "CVE-2025-6021", "title" : "Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6021" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2023-39615", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39615" ], "unique" : false }, { "id" : "CVE-2026-6732", "title" : "Libxml2: libxml2: denial of service via crafted xsd-validated document", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-6732" ], "unique" : false }, { "id" : "CVE-2025-9714", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9714" ], "unique" : false }, { "id" : "CVE-2026-1757", "title" : "Libxml2: memory leak leading to local denial of service in xmllint interactive shell", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1757" ], "unique" : false }, { "id" : "CVE-2022-49043", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49043" ], "unique" : false }, { "id" : "CVE-2023-28484", "title" : "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28484" ], "unique" : false }, { "id" : "CVE-2023-29469", "title" : "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29469" ], "unique" : false }, { "id" : "CVE-2026-0990", "title" : "Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0990" ], "unique" : false }, { "id" : "CVE-2025-32414", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32414" ], "unique" : false }, { "id" : "CVE-2025-26434", "title" : "In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-26434" ], "unique" : false }, { "id" : "CVE-2026-0989", "title" : "Libxml2: unbounded relaxng include recursion leading to stack overflow", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0989" ], "unique" : false }, { "id" : "CVE-2026-0992", "title" : "Libxml2: libxml2: denial of service via crafted xml catalogs", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-0992" ], "unique" : false }, { "id" : "CVE-2025-6170", "title" : "Libxml2: stack buffer overflow in xmllint interactive shell command handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-6170" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libxml2-2.9.13-3.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false }, { "id" : "CVE-2025-49794", "title" : "Libxml: heap use after free (uaf) leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49794" ], "unique" : false }, { "id" : "CVE-2025-49796", "title" : "Libxml: type confusion leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49796" ], "unique" : false }, { "id" : "CVE-2024-56171", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-56171" ], "unique" : false }, { "id" : "CVE-2025-24928", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24928" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2024-25062", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-25062" ], "unique" : false }, { "id" : "CVE-2025-32415", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-32415" ], "unique" : false }, { "id" : "CVE-2025-49795", "title" : "Libxml: null pointer dereference leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49795" ], "unique" : false }, { "id" : "CVE-2025-6021", "title" : "Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6021" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2023-39615", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39615" ], "unique" : false }, { "id" : "CVE-2025-9714", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9714" ], "unique" : false }, { "id" : "CVE-2022-49043", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49043" ], "unique" : false }, { "id" : "CVE-2023-28484", "title" : "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28484" ], "unique" : false }, { "id" : "CVE-2023-29469", "title" : "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29469" ], "unique" : false }, { "id" : "CVE-2025-32414", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32414" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libxml2-2.9.13-3.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false }, { "id" : "CVE-2025-49794", "title" : "Libxml: heap use after free (uaf) leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49794" ], "unique" : false }, { "id" : "CVE-2025-49796", "title" : "Libxml: type confusion leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49796" ], "unique" : false }, { "id" : "CVE-2024-56171", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-56171" ], "unique" : false }, { "id" : "CVE-2025-24928", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24928" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2024-25062", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-25062" ], "unique" : false }, { "id" : "CVE-2025-32415", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-32415" ], "unique" : false }, { "id" : "CVE-2025-49795", "title" : "Libxml: null pointer dereference leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49795" ], "unique" : false }, { "id" : "CVE-2025-6021", "title" : "Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6021" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2023-39615", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39615" ], "unique" : false }, { "id" : "CVE-2026-6732", "title" : "Libxml2: libxml2: denial of service via crafted xsd-validated document", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-6732" ], "unique" : false }, { "id" : "CVE-2025-9714", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9714" ], "unique" : false }, { "id" : "CVE-2026-1757", "title" : "Libxml2: memory leak leading to local denial of service in xmllint interactive shell", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1757" ], "unique" : false }, { "id" : "CVE-2022-49043", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49043" ], "unique" : false }, { "id" : "CVE-2023-28484", "title" : "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28484" ], "unique" : false }, { "id" : "CVE-2023-29469", "title" : "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29469" ], "unique" : false }, { "id" : "CVE-2026-0990", "title" : "Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0990" ], "unique" : false }, { "id" : "CVE-2025-32414", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32414" ], "unique" : false }, { "id" : "CVE-2025-26434", "title" : "In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-26434" ], "unique" : false }, { "id" : "CVE-2026-0989", "title" : "Libxml2: unbounded relaxng include recursion leading to stack overflow", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0989" ], "unique" : false }, { "id" : "CVE-2026-0992", "title" : "Libxml2: libxml2: denial of service via crafted xml catalogs", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-0992" ], "unique" : false }, { "id" : "CVE-2025-6170", "title" : "Libxml2: stack buffer overflow in xmllint interactive shell command handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-6170" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-devel@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/json-c@0.14-11.el9?arch=x86_64&distro=rhel-9.2&upstream=json-c-0.14-11.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false }, { "id" : "CVE-2025-70873", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-70873" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/atlas-devel@3.10.3-17.el9?arch=x86_64&distro=rhel-9.2&upstream=atlas-3.10.3-17.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libquadmath@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgfortran@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64&distro=rhel-9.2&upstream=icu-67.1-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-5222", "title" : "Icu: stack buffer overflow in the srbroot::addtag function", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-5222" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libicu@67.1-9.el9?arch=x86_64&distro=rhel-9.2&upstream=icu-67.1-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-5222", "title" : "Icu: stack buffer overflow in the srbroot::addtag function", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-5222" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-5222", "title" : "Icu: stack buffer overflow in the srbroot::addtag function", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-5222" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-locale-source@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch&distro=rhel-9.2&upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch&distro=rhel-9.2&upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-base@2.27-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch&distro=rhel-9.2&upstream=perl-constant-1.33-461.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=perl-Storable-3.21-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/hunspell-en-US@0.20140811.1-20.el9?arch=noarch&distro=rhel-9.2&upstream=hunspell-en-0.20140811.1-20.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64&distro=rhel-9.2&epoch=2&upstream=shadow-utils-4.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false }, { "id" : "CVE-2024-56433", "title" : "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "source" : "redhat-csaf", "cvssScore" : 3.6, "severity" : "LOW", "cves" : [ "CVE-2024-56433" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pcre-cpp@8.44-3.el9.3?arch=x86_64&distro=rhel-9.2&upstream=pcre-8.44-3.el9.3.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch&distro=rhel-9.2&upstream=perl-Digest-1.19-4.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch&distro=rhel-9.2&upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch&distro=rhel-9.2&upstream=perl-constant-1.33-461.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=perl-Storable-3.21-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/apr-devel@1.7.0-11.el9?arch=x86_64&distro=rhel-9.2&upstream=apr-1.7.0-11.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-24963", "title" : "Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-24963" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/apr@1.7.0-11.el9?arch=x86_64&distro=rhel-9.2&upstream=apr-1.7.0-11.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-24963", "title" : "Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-24963" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-24963", "title" : "Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-24963" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B-devel@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false }, { "id" : "CVE-2026-34743", "title" : "XZ Utils: Buffer overflow in lzma_index_append()", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-34743" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/nss_wrapper-libs@1.1.13-1.el9?arch=x86_64&distro=rhel-9.2&upstream=nss_wrapper-1.1.13-1.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch&distro=rhel-9.2&upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch&distro=rhel-9.2&upstream=perl-constant-1.33-461.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=perl-Storable-3.21-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch&distro=rhel-9.2&upstream=automake-1.16.2-6.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/emacs-filesystem@27.2-8.el9_2.1?arch=noarch&distro=rhel-9.2&epoch=1&upstream=emacs-27.2-8.el9_2.1.src.rpm", "issues" : [ { "id" : "CVE-2025-1244", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2025-1244" ], "unique" : false }, { "id" : "CVE-2024-30205", "title" : "In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2024-30205" ], "unique" : false }, { "id" : "CVE-2024-39331", "title" : "In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2024-39331" ], "unique" : false }, { "id" : "CVE-2024-53920", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2024-53920" ], "unique" : false }, { "id" : "CVE-2024-30203", "title" : "In Emacs before 29.3, Gnus treats inline MIME contents as trusted.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-30203" ], "unique" : false }, { "id" : "CVE-2024-30204", "title" : "In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-30204" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-1244", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2025-1244" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch&distro=rhel-9.2&upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-Compare@1.100.600-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-B@1.80-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-Find@1.37-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-DynaLoader@1.47-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch&distro=rhel-9.2&upstream=perl-constant-1.33-461.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=perl-Storable-3.21-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libdb-devel@5.3.28-53.el9?arch=x86_64&distro=rhel-9.2&upstream=libdb-5.3.28-53.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/file@5.39-12.el9?arch=x86_64&distro=rhel-9.2&upstream=file-5.39-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-48554", "title" : "File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48554" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/file-libs@5.39-12.el9?arch=x86_64&distro=rhel-9.2&upstream=file-5.39-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-48554", "title" : "File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48554" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-48554", "title" : "File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48554" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libverto-devel@0.3.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=libverto-0.3.2-3.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/patch@2.7.6-16.el9?arch=x86_64&distro=rhel-9.2&upstream=patch-2.7.6-16.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/wget@1.21.1-7.el9?arch=x86_64&distro=rhel-9.2&upstream=wget-1.21.1-7.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-38428", "title" : "url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38428" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64&distro=rhel-9.2&upstream=gnutls-3.7.6-20.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false }, { "id" : "CVE-2024-0567", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0567" ], "unique" : false }, { "id" : "CVE-2025-32988", "title" : "Gnutls: vulnerability in gnutls othername san export", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32988" ], "unique" : false }, { "id" : "CVE-2025-32990", "title" : "Gnutls: vulnerability in gnutls certtool template parsing", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32990" ], "unique" : false }, { "id" : "CVE-2025-6395", "title" : "Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6395" ], "unique" : false }, { "id" : "CVE-2023-5981", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5981" ], "unique" : false }, { "id" : "CVE-2024-12243", "title" : "Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12243" ], "unique" : false }, { "id" : "CVE-2024-28834", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28834" ], "unique" : false }, { "id" : "CVE-2025-14831", "title" : "Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14831" ], "unique" : false }, { "id" : "CVE-2025-32989", "title" : "Gnutls: vulnerability in gnutls sct extension parsing", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32989" ], "unique" : false }, { "id" : "CVE-2024-28835", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28835" ], "unique" : false }, { "id" : "CVE-2025-9820", "title" : "Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9820" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch&distro=rhel-9.2&upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch&distro=rhel-9.2&upstream=perl-constant-1.33-461.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=perl-Storable-3.21-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgpg-error-devel@1.42-5.el9?arch=x86_64&distro=rhel-9.2&upstream=libgpg-error-1.42-5.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libpsl@0.21.1-5.el9?arch=x86_64&distro=rhel-9.2&upstream=libpsl-0.21.1-5.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtool-ltdl@2.4.6-45.el9?arch=x86_64&distro=rhel-9.2&upstream=libtool-2.4.6-45.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch&distro=rhel-9.2&upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch&distro=rhel-9.2&upstream=perl-constant-1.33-461.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=perl-Storable-3.21-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch&distro=rhel-9.2&upstream=perl-Thread-Queue-3.14-460.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch&distro=rhel-9.2&upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch&distro=rhel-9.2&upstream=perl-constant-1.33-461.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=perl-Storable-3.21-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gdb-gdbserver@10.2-10.el9?arch=x86_64&distro=rhel-9.2&upstream=gdb-10.2-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-3826", "title" : "Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-3826" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libipt@2.0.4-5.el9?arch=x86_64&distro=rhel-9.2&upstream=libipt-2.0.4-5.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcom_err-devel@1.46.5-3.el9?arch=x86_64&distro=rhel-9.2&upstream=e2fsprogs-1.46.5-3.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libxcrypt-compat@4.4.18-3.el9?arch=x86_64&distro=rhel-9.2&upstream=libxcrypt-4.4.18-3.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libpath_utils@0.2.1-53.el9?arch=x86_64&distro=rhel-9.2&upstream=ding-libs-0.6.1-53.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/boost-regex@1.75.0-8.el9?arch=x86_64&distro=rhel-9.2&upstream=boost-1.75.0-8.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libicu@67.1-9.el9?arch=x86_64&distro=rhel-9.2&upstream=icu-67.1-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-5222", "title" : "Icu: stack buffer overflow in the srbroot::addtag function", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-5222" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-5222", "title" : "Icu: stack buffer overflow in the srbroot::addtag function", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-5222" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xorg-x11-proto-devel@2021.4-2.el9?arch=noarch&distro=rhel-9.2&upstream=xorg-x11-proto-devel-2021.4-2.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtalloc@2.3.4-1.el9?arch=x86_64&distro=rhel-9.2&upstream=libtalloc-2.3.4-1.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/m4@1.4.19-1.el9?arch=x86_64&distro=rhel-9.2&upstream=m4-1.4.19-1.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libXpm-3.5.13-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-43788", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43788" ], "unique" : false }, { "id" : "CVE-2023-43789", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43789" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libX11-devel@1.7.0-7.el9?arch=x86_64&distro=rhel-9.2&upstream=libX11-1.7.0-7.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false }, { "id" : "CVE-2023-3138", "title" : "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-3138" ], "unique" : false }, { "id" : "CVE-2023-43785", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43785" ], "unique" : false }, { "id" : "CVE-2023-43786", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43786" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libX11-xcb@1.7.0-7.el9?arch=x86_64&distro=rhel-9.2&upstream=libX11-1.7.0-7.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false }, { "id" : "CVE-2023-3138", "title" : "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-3138" ], "unique" : false }, { "id" : "CVE-2023-43785", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43785" ], "unique" : false }, { "id" : "CVE-2023-43786", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43786" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libX11-common@1.7.0-7.el9?arch=noarch&distro=rhel-9.2&upstream=libX11-1.7.0-7.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false }, { "id" : "CVE-2023-3138", "title" : "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-3138" ], "unique" : false }, { "id" : "CVE-2023-43785", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43785" ], "unique" : false }, { "id" : "CVE-2023-43786", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43786" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libX11@1.7.0-7.el9?arch=x86_64&distro=rhel-9.2&upstream=libX11-1.7.0-7.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false }, { "id" : "CVE-2023-3138", "title" : "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-3138" ], "unique" : false }, { "id" : "CVE-2023-43785", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43785" ], "unique" : false }, { "id" : "CVE-2023-43786", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43786" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libXpm@3.5.13-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libXpm-3.5.13-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-43788", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43788" ], "unique" : false }, { "id" : "CVE-2023-43789", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43789" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-43788", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43788" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/source-highlight@3.1.9-11.el9?arch=x86_64&distro=rhel-9.2&upstream=source-highlight-3.1.9-11.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libicu@67.1-9.el9?arch=x86_64&distro=rhel-9.2&upstream=icu-67.1-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-5222", "title" : "Icu: stack buffer overflow in the srbroot::addtag function", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-5222" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-5222", "title" : "Icu: stack buffer overflow in the srbroot::addtag function", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-5222" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rootfiles@8.1-31.el9?arch=noarch&distro=rhel-9.2&upstream=rootfiles-8.1-31.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/hostname@3.23-6.el9?arch=x86_64&distro=rhel-9.2&upstream=hostname-3.23-6.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=enchant-1.6.0-30.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64&distro=rhel-9.2&upstream=glib2-2.68.4-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false }, { "id" : "CVE-2024-52533", "title" : "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\\0' character.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-52533" ], "unique" : false }, { "id" : "CVE-2023-32611", "title" : "G_variant_byteswap() can take a long time with some non-normal inputs", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32611" ], "unique" : false }, { "id" : "CVE-2023-32665", "title" : "Gvariant deserialisation does not match spec for non-normal data", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32665" ], "unique" : false }, { "id" : "CVE-2025-14512", "title" : "Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14512" ], "unique" : false }, { "id" : "CVE-2023-29499", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29499" ], "unique" : false }, { "id" : "CVE-2025-14087", "title" : "Glib: glib: buffer underflow in gvariant parser leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14087" ], "unique" : false }, { "id" : "CVE-2025-4373", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4373" ], "unique" : false }, { "id" : "CVE-2024-34397", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2024-34397" ], "unique" : false }, { "id" : "CVE-2025-7039", "title" : "Glib: buffer under-read on glib through glib/gfileutils.c via get_tmp_file()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2025-7039" ], "unique" : false }, { "id" : "CVE-2026-0988", "title" : "Glib: glib: denial of service via integer overflow in g_buffered_input_stream_peek()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0988" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64&distro=rhel-9.2&upstream=gnutls-3.7.6-20.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false }, { "id" : "CVE-2024-0567", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0567" ], "unique" : false }, { "id" : "CVE-2025-32988", "title" : "Gnutls: vulnerability in gnutls othername san export", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32988" ], "unique" : false }, { "id" : "CVE-2025-32990", "title" : "Gnutls: vulnerability in gnutls certtool template parsing", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32990" ], "unique" : false }, { "id" : "CVE-2025-6395", "title" : "Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6395" ], "unique" : false }, { "id" : "CVE-2023-5981", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5981" ], "unique" : false }, { "id" : "CVE-2024-12243", "title" : "Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12243" ], "unique" : false }, { "id" : "CVE-2024-28834", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28834" ], "unique" : false }, { "id" : "CVE-2025-14831", "title" : "Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14831" ], "unique" : false }, { "id" : "CVE-2025-32989", "title" : "Gnutls: vulnerability in gnutls sct extension parsing", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32989" ], "unique" : false }, { "id" : "CVE-2024-28835", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28835" ], "unique" : false }, { "id" : "CVE-2025-9820", "title" : "Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9820" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-devel@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false }, { "id" : "CVE-2025-70873", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-70873" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dmidecode@3.3-7.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=dmidecode-3.3-7.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-30630", "title" : "Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. NOTE: Some third parties have indicated the fix in 3.5 does not adequately address the vulnerability. The argument is that the proposed patch prevents dmidecode from writing to an existing file. However, there are multiple attack vectors that would not require overwriting an existing file that would provide the same level of unauthorized privilege escalation (e.g. creating a new file in /etc/cron.hourly).", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-30630" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch&distro=rhel-9.2&upstream=autoconf-2.69-38.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/emacs-filesystem@27.2-8.el9_2.1?arch=noarch&distro=rhel-9.2&epoch=1&upstream=emacs-27.2-8.el9_2.1.src.rpm", "issues" : [ { "id" : "CVE-2025-1244", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2025-1244" ], "unique" : false }, { "id" : "CVE-2024-30205", "title" : "In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2024-30205" ], "unique" : false }, { "id" : "CVE-2024-39331", "title" : "In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2024-39331" ], "unique" : false }, { "id" : "CVE-2024-53920", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2024-53920" ], "unique" : false }, { "id" : "CVE-2024-30203", "title" : "In Emacs before 29.3, Gnus treats inline MIME contents as trusted.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-30203" ], "unique" : false }, { "id" : "CVE-2024-30204", "title" : "In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-30204" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-1244", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2025-1244" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch&distro=rhel-9.2&upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-Compare@1.100.600-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-B@1.80-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-Find@1.37-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-DynaLoader@1.47-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch&distro=rhel-9.2&upstream=perl-constant-1.33-461.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=perl-Storable-3.21-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/keyutils-libs-devel@1.6.3-1.el9?arch=x86_64&distro=rhel-9.2&upstream=keyutils-1.6.3-1.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64&distro=rhel-9.2&upstream=babeltrace-1.5.8-10.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64&distro=rhel-9.2&upstream=glib2-2.68.4-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false }, { "id" : "CVE-2024-52533", "title" : "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\\0' character.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-52533" ], "unique" : false }, { "id" : "CVE-2023-32611", "title" : "G_variant_byteswap() can take a long time with some non-normal inputs", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32611" ], "unique" : false }, { "id" : "CVE-2023-32665", "title" : "Gvariant deserialisation does not match spec for non-normal data", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32665" ], "unique" : false }, { "id" : "CVE-2025-14512", "title" : "Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14512" ], "unique" : false }, { "id" : "CVE-2023-29499", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29499" ], "unique" : false }, { "id" : "CVE-2025-14087", "title" : "Glib: glib: buffer underflow in gvariant parser leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14087" ], "unique" : false }, { "id" : "CVE-2025-4373", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4373" ], "unique" : false }, { "id" : "CVE-2024-34397", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2024-34397" ], "unique" : false }, { "id" : "CVE-2025-7039", "title" : "Glib: buffer under-read on glib through glib/gfileutils.c via get_tmp_file()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2025-7039" ], "unique" : false }, { "id" : "CVE-2026-0988", "title" : "Glib: glib: denial of service via integer overflow in g_buffered_input_stream_peek()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0988" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64&distro=rhel-9.2&upstream=gnutls-3.7.6-20.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false }, { "id" : "CVE-2024-0567", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0567" ], "unique" : false }, { "id" : "CVE-2025-32988", "title" : "Gnutls: vulnerability in gnutls othername san export", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32988" ], "unique" : false }, { "id" : "CVE-2025-32990", "title" : "Gnutls: vulnerability in gnutls certtool template parsing", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32990" ], "unique" : false }, { "id" : "CVE-2025-6395", "title" : "Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6395" ], "unique" : false }, { "id" : "CVE-2023-5981", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5981" ], "unique" : false }, { "id" : "CVE-2024-12243", "title" : "Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12243" ], "unique" : false }, { "id" : "CVE-2024-28834", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28834" ], "unique" : false }, { "id" : "CVE-2025-14831", "title" : "Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14831" ], "unique" : false }, { "id" : "CVE-2025-32989", "title" : "Gnutls: vulnerability in gnutls sct extension parsing", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32989" ], "unique" : false }, { "id" : "CVE-2024-28835", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28835" ], "unique" : false }, { "id" : "CVE-2025-9820", "title" : "Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9820" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/hunspell-en-GB@0.20140811.1-20.el9?arch=noarch&distro=rhel-9.2&upstream=hunspell-en-0.20140811.1-20.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/hunspell-en@0.20140811.1-20.el9?arch=noarch&distro=rhel-9.2&upstream=hunspell-en-0.20140811.1-20.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64&distro=rhel-9.2&upstream=nss_wrapper-1.1.13-1.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch&distro=rhel-9.2&upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch&distro=rhel-9.2&upstream=perl-constant-1.33-461.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=perl-Storable-3.21-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/llvm-libs@15.0.7-1.el9?arch=x86_64&distro=rhel-9.2&upstream=llvm-15.0.7-1.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/tar@1.34-6.el9_1?arch=x86_64&distro=rhel-9.2&epoch=2&upstream=tar-1.34-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-45582", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-45582" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/annobin@11.05-1.el9?arch=x86_64&distro=rhel-9.2&upstream=annobin-11.05-1.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 0 1884k 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 1884k 0 0 100 1884k 0 852k 0:00:02 0:00:02 --:--:-- 852k 100 1899k 0 15645 100 1884k 6775 815k 0:00:02 0:00:02 --:--:-- 822k 100 3768k 0 1884k 100 1884k 571k 571k 0:00:03 0:00:03 --:--:-- 1142k 100 10.5M 0 8914k 100 1884k 2243k 474k 0:00:03 0:00:03 --:--:-- 2717k "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-gconv-extra@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/vim-minimal@8.2.2637-20.el9_1?arch=x86_64&distro=rhel-9.2&epoch=2&upstream=vim-8.2.2637-20.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2026-34982", "title" : "Vim modeline bypass via various options affects Vim < 9.2.0276", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2026-34982" ], "unique" : false }, { "id" : "CVE-2026-25749", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2026-25749" ], "unique" : false }, { "id" : "CVE-2026-33412", "title" : "Vim affected by Command injection via newline in glob()", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2026-33412" ], "unique" : false }, { "id" : "CVE-2023-4752", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-4752" ], "unique" : false }, { "id" : "CVE-2021-3903", "title" : "Heap-based Buffer Overflow in vim/vim", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-3903" ], "unique" : false }, { "id" : "CVE-2026-28421", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28421" ], "unique" : false }, { "id" : "CVE-2026-28417", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28417" ], "unique" : false }, { "id" : "CVE-2025-53905", "source" : "redhat-csaf", "cvssScore" : 4.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-53905" ], "unique" : false }, { "id" : "CVE-2025-53906", "title" : "Vim has path traversal issue with zip.vim and special crafted zip archives", "source" : "redhat-csaf", "cvssScore" : 4.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-53906" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } } ] } } } }, "licenses" : [ { "status" : { "ok" : true, "name" : "deps.dev", "code" : 200, "message" : "OK", "warnings" : { } }, "summary" : { "total" : 109, "concluded" : 402, "permissive" : 103, "weakCopyleft" : 0, "strongCopyleft" : 1, "unknown" : 5, "deprecated" : 1, "osiApproved" : 104, "fsfLibre" : 105 }, "packages" : { "pkg:rpm/redhat/hunspell-en-US@0.20140811.1-20.el9?arch=noarch&distro=rhel-9.2&upstream=hunspell-en-0.20140811.1-20.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/hostname@3.23-6.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/libffi-devel@3.4.2-7.el9?arch=x86_64&distro=rhel-9.2&upstream=libffi-3.4.2-7.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/just-diff@5.1.1" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/langpacks-core-en@3.0-16.el9?arch=noarch&distro=rhel-9.2&upstream=langpacks-3.0-16.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/delegates@1.0.0" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/isexe@2.0.0" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/tiny-relative-date@1.3.0" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libXpm@3.5.13-8.el9_1" : { "evidence" : [ ] }, "pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64&distro=rhel-9.2&upstream=cyrus-sasl-2.1.27-21.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/m4@1.4.19-1.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch&distro=rhel-9.2&upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/read-cmd-shim@3.0.0" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libstdc%2B%2B-devel@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/util-deprecate@1.0.2" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libsemanage@3.5-1.el9?arch=x86_64&distro=rhel-9.2&upstream=libsemanage-3.5-1.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/ed@1.14.2-12.el9?arch=x86_64&distro=rhel-9.2&upstream=ed-1.14.2-12.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/openldap-compat@2.6.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=openldap-2.6.2-3.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/qt5-srpm-macros@5.15.3-1.el9?arch=noarch&distro=rhel-9.2&upstream=qt5-5.15.3-1.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-File-Temp@0.231.100-4.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/graphite2-devel@1.3.14-9.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/pcre-utf32@8.44-3.el9.3" : { "evidence" : [ ] }, "pkg:pypi/pysocks@1.7.1" : { "concluded" : { "identifiers" : [ { "id" : "non-standard", "name" : "non-standard", "category" : "UNKNOWN" } ], "expression" : "non-standard", "name" : "non-standard", "category" : "UNKNOWN", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "non-standard", "name" : "non-standard", "category" : "UNKNOWN" } ], "expression" : "non-standard", "name" : "non-standard", "category" : "UNKNOWN", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:pypi/blinker@1.9.0" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:pypi/rpm@4.16.1.3" : { "evidence" : [ ] }, "pkg:rpm/redhat/fonts-filesystem@2.0.5-7.el9.1?arch=noarch&distro=rhel-9.2&epoch=1&upstream=fonts-rpm-macros-2.0.5-7.el9.1.src.rpm" : { "evidence" : [ ] }, "pkg:npm/builtins@5.0.1" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/perl-Carp@1.50-460.el9" : { "evidence" : [ ] }, "pkg:pypi/libcomps@0.1.18" : { "evidence" : [ ] }, "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64&distro=rhel-9.2&upstream=gnutls-3.7.6-20.el9_2.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-File-stat@1.09-480.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-IO@1.43-480.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/jbigkit-libs@2.1-23.el9?arch=x86_64&distro=rhel-9.2&upstream=jbigkit-2.1-23.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/%40npmcli/query@1.2.0" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/crypto-policies@20221215-1.git9a18988.el9?arch=noarch&distro=rhel-9.2&upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/harfbuzz-icu@2.7.4-8.el9?arch=x86_64&distro=rhel-9.2&upstream=harfbuzz-2.7.4-8.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/python3-idna@2.10-7.el9?arch=noarch&distro=rhel-9.2&upstream=python-idna-2.10-7.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/pcre-devel@8.44-3.el9.3?arch=x86_64&distro=rhel-9.2&upstream=pcre-8.44-3.el9.3.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/lua-libs@5.4.4-3.el9?arch=x86_64&distro=rhel-9.2&upstream=lua-5.4.4-3.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/cyrus-sasl-lib@2.1.27-21.el9?arch=x86_64&distro=rhel-9.2&upstream=cyrus-sasl-2.1.27-21.el9.src.rpm" : { "evidence" : [ ] }, "pkg:pypi/markupsafe@3.0.3" : { "concluded" : { "identifiers" : [ { "id" : "BSD-3-Clause", "name" : "BSD 3-Clause \"New\" or \"Revised\" License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "BSD-3-Clause", "name" : "BSD 3-Clause \"New\" or \"Revised\" License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "BSD-3-Clause", "name" : "BSD 3-Clause \"New\" or \"Revised\" License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "BSD-3-Clause", "name" : "BSD 3-Clause \"New\" or \"Revised\" License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libacl@2.3.1-3.el9?arch=x86_64&distro=rhel-9.2&upstream=acl-2.3.1-3.el9.src.rpm" : { "evidence" : [ ] }, "pkg:oci/python-component-sukmsc@sha256%3Ab4bae6cd649fa727918fa00bbf740a7fdd429feb319a7b56f28fed4c5c2b1901" : { "evidence" : [ ] }, "pkg:rpm/redhat/gd@2.3.2-3.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/readline@8.1-4.el9?arch=x86_64&distro=rhel-9.2&upstream=readline-8.1-4.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/autoconf@2.69-38.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libattr@2.5.1-3.el9?arch=x86_64&distro=rhel-9.2&upstream=attr-2.5.1-3.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/brotli-devel@1.0.9-6.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/pkgconf-m4@1.7.3-10.el9?arch=noarch&distro=rhel-9.2&upstream=pkgconf-1.7.3-10.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-File-Compare@1.100.600-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/set-blocking@2.0.0" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libsepol-devel@3.5-1.el9?arch=x86_64&distro=rhel-9.2&upstream=libsepol-3.5-1.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libdnf@0.69.0-3.el9_2?arch=x86_64&distro=rhel-9.2&upstream=libdnf-0.69.0-3.el9_2.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/llvm-libs@15.0.7-1.el9?arch=x86_64&distro=rhel-9.2&upstream=llvm-15.0.7-1.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libxcb@1.13.1-9.el9?arch=x86_64&distro=rhel-9.2&upstream=libxcb-1.13.1-9.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/lsof@4.94.0-3.el9" : { "evidence" : [ ] }, "pkg:npm/unique-filename@2.0.1" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64&distro=rhel-9.2&upstream=gnupg2-2.3.3-2.el9_0.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/dnf@4.14.0-5.el9_2?arch=noarch&distro=rhel-9.2&upstream=dnf-4.14.0-5.el9_2.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch&distro=rhel-9.2&upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/cracklib-dicts@2.9.6-27.el9?arch=x86_64&distro=rhel-9.2&upstream=cracklib-2.9.6-27.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/cyrus-sasl@2.1.27-21.el9?arch=x86_64&distro=rhel-9.2&upstream=cyrus-sasl-2.1.27-21.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-pip-21.2.3-6.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/tcl@8.6.10-7.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=tcl-8.6.10-7.el9.src.rpm" : { "evidence" : [ ] }, "pkg:pypi/jinja2@3.1.6" : { "concluded" : { "identifiers" : [ { "id" : "non-standard", "name" : "non-standard", "category" : "UNKNOWN" } ], "expression" : "non-standard", "name" : "non-standard", "category" : "UNKNOWN", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "non-standard", "name" : "non-standard", "category" : "UNKNOWN" } ], "expression" : "non-standard", "name" : "non-standard", "category" : "UNKNOWN", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/cpp@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libXau-devel@1.0.9-8.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/rpm-libs@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/groff-base@1.22.4-10.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/openssl-devel@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm" : { "evidence" : [ ] }, "pkg:pypi/importlib-metadata@8.7.1" : { "concluded" : { "identifiers" : [ { "id" : "Apache-2.0", "name" : "Apache License 2.0", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "Apache-2.0", "name" : "Apache License 2.0", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "Apache-2.0", "name" : "Apache License 2.0", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "Apache-2.0", "name" : "Apache License 2.0", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/perl-PathTools@3.78-461.el9?arch=x86_64&distro=rhel-9.2&upstream=perl-PathTools-3.78-461.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/debuglog@1.0.1" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/bin-links@3.0.3" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/json-glib@1.6.6-1.el9?arch=x86_64&distro=rhel-9.2&upstream=json-glib-1.6.6-1.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2" : { "evidence" : [ ] }, "pkg:npm/emoji-regex@8.0.0" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/mariadb-connector-c-config@3.2.6-1.el9_0" : { "evidence" : [ ] }, "pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2" : { "evidence" : [ ] }, "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/acl@2.3.1-3.el9?arch=x86_64&distro=rhel-9.2&upstream=acl-2.3.1-3.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/librepo@1.14.5-1.el9?arch=x86_64&distro=rhel-9.2&upstream=librepo-1.14.5-1.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9_2.1.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libreport-filesystem@2.15.2-6.el9?arch=noarch&distro=rhel-9.2&upstream=libreport-2.15.2-6.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/file-libs@5.39-12.el9?arch=x86_64&distro=rhel-9.2&upstream=file-5.39-12.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/promise-call-limit@1.0.1" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/libnpmpack@4.1.3" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libksba@1.5.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libksba-1.5.1-6.el9_1.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libcap-ng@0.8.2-7.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-ng-0.8.2-7.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libXau@1.0.9-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libXau-1.0.9-8.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/dnf-data@4.14.0-5.el9_2?arch=noarch&distro=rhel-9.2&upstream=dnf-4.14.0-5.el9_2.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/info@6.7-15.el9?arch=x86_64&distro=rhel-9.2&upstream=texinfo-6.7-15.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/apr-devel@1.7.0-11.el9?arch=x86_64&distro=rhel-9.2&upstream=apr-1.7.0-11.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/scl-utils@2.0.3-4.el9" : { "evidence" : [ ] }, "pkg:npm/%40npmcli/git@3.0.2" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/pcre@8.44-3.el9.3?arch=x86_64&distro=rhel-9.2&upstream=pcre-8.44-3.el9.3.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-base@2.27-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/gdb-gdbserver@10.2-10.el9?arch=x86_64&distro=rhel-9.2&upstream=gdb-10.2-10.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/dejavu-sans-fonts@2.37-18.el9?arch=noarch&distro=rhel-9.2&upstream=dejavu-fonts-2.37-18.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/rpm@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libtiff@4.4.0-7.el9?arch=x86_64&distro=rhel-9.2&upstream=libtiff-4.4.0-7.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch&distro=rhel-9.2&upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libxml2-2.9.13-3.el9_1.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-Scalar-List-Utils@1.56-461.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-Scalar-List-Utils-1.56-461.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/safe-buffer@5.2.1" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/grep@3.6-5.el9?arch=x86_64&distro=rhel-9.2&upstream=grep-3.6-5.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/findutils@4.8.0-5.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/tpm2-tss@3.0.3-8.el9?arch=x86_64&distro=rhel-9.2&upstream=tpm2-tss-3.0.3-8.el9.src.rpm" : { "evidence" : [ ] }, "pkg:pypi/pyinotify@0.9.6" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/gpg-pubkey@5a6340b3-6229229e?distro=rhel-9.2" : { "evidence" : [ ] }, "pkg:pypi/itsdangerous@2.2.0" : { "concluded" : { "identifiers" : [ { "id" : "non-standard", "name" : "non-standard", "category" : "UNKNOWN" } ], "expression" : "non-standard", "name" : "non-standard", "category" : "UNKNOWN", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "non-standard", "name" : "non-standard", "category" : "UNKNOWN" } ], "expression" : "non-standard", "name" : "non-standard", "category" : "UNKNOWN", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/boost-regex@1.75.0-8.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/openssh@8.7p1-29.el9_2?arch=x86_64&distro=rhel-9.2&upstream=openssh-8.7p1-29.el9_2.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libzstd@1.5.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=zstd-1.5.1-2.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-Encode@3.08-462.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-Encode-3.08-462.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-Term-Cap@1.17-460.el9?arch=noarch&distro=rhel-9.2&upstream=perl-Term-Cap-1.17-460.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/popt@1.18-8.el9?arch=x86_64&distro=rhel-9.2&upstream=popt-1.18-8.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/readable-stream@3.6.0" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64&distro=rhel-9.2&upstream=gdb-10.2-10.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libunistring@0.9.10-15.el9?arch=x86_64&distro=rhel-9.2&upstream=libunistring-0.9.10-15.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/text-table@0.2.0" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/file@5.39-12.el9?arch=x86_64&distro=rhel-9.2&upstream=file-5.39-12.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/langpacks-core-font-en@3.0-16.el9?arch=noarch&distro=rhel-9.2&upstream=langpacks-3.0-16.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64&distro=rhel-9.2&upstream=libdnf-0.69.0-3.el9_2.src.rpm" : { "evidence" : [ ] }, "pkg:npm/%40npmcli/map-workspaces@2.0.4" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libpwquality@1.4.4-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libpwquality-1.4.4-8.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/python3-gobject-base-noarch@3.40.1-6.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/zip@3.0-35.el9?arch=x86_64&distro=rhel-9.2&upstream=zip-3.0-35.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/wcwidth@1.0.1" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch&distro=rhel-9.2&upstream=perl-Thread-Queue-3.14-460.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/gpgme@1.15.1-6.el9?arch=x86_64&distro=rhel-9.2&upstream=gpgme-1.15.1-6.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/ms@2.1.3" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/path-is-absolute@1.0.1" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/glib2-devel@2.68.4-6.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/pyproject-srpm-macros@1.6.2-1.el9?arch=noarch&distro=rhel-9.2&upstream=pyproject-rpm-macros-1.6.2-1.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch&distro=rhel-9.2&upstream=perl-Digest-1.19-4.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64&distro=rhel-9.2&upstream=glib2-2.68.4-6.el9.src.rpm" : { "evidence" : [ ] }, "pkg:pypi/requests@2.25.1" : { "concluded" : { "identifiers" : [ { "id" : "Apache-2.0", "name" : "Apache License 2.0", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "Apache-2.0", "name" : "Apache License 2.0", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "Apache-2.0", "name" : "Apache License 2.0", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "Apache-2.0", "name" : "Apache License 2.0", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libsigsegv@2.13-4.el9?arch=x86_64&distro=rhel-9.2&upstream=libsigsegv-2.13-4.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/zlib@1.2.11-39.el9?arch=x86_64&distro=rhel-9.2&upstream=zlib-1.2.11-39.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/read-package-json@5.0.2" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/redhat-release@9.2-0.13.el9?arch=x86_64&distro=rhel-9.2&upstream=redhat-release-9.2-0.13.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/rootfiles@8.1-31.el9?arch=noarch&distro=rhel-9.2&upstream=rootfiles-8.1-31.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libffi@3.4.2-7.el9?arch=x86_64&distro=rhel-9.2&upstream=libffi-3.4.2-7.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/python3-dbus@1.2.18-2.el9?arch=x86_64&distro=rhel-9.2&upstream=dbus-python-1.2.18-2.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-Errno@1.30-480.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/libassuan@2.5.5-3.el9?arch=x86_64&distro=rhel-9.2&upstream=libassuan-2.5.5-3.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/alternatives@1.20-2.el9?arch=x86_64&distro=rhel-9.2&upstream=chkconfig-1.20-2.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/dbus@1.12.20-7.el9_1?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=dbus-1.12.20-7.el9_1.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/gettext@0.21-7.el9?arch=x86_64&distro=rhel-9.2&upstream=gettext-0.21-7.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/ip@2.0.0" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/validate-npm-package-license@3.0.4" : { "concluded" : { "identifiers" : [ { "id" : "Apache-2.0", "name" : "Apache License 2.0", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "Apache-2.0", "name" : "Apache License 2.0", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "Apache-2.0", "name" : "Apache License 2.0", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "Apache-2.0", "name" : "Apache License 2.0", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/rimraf@3.0.2" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/%40tootallnate/once@2.0.0" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/yallist@4.0.0" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/cmake@3.20.2-8.el9?arch=x86_64&distro=rhel-9.2&upstream=cmake-3.20.2-8.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libpath_utils@0.2.1-53.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/nodejs@16.19.1-1.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=nodejs-16.19.1-1.el9_2.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1" : { "evidence" : [ ] }, "pkg:npm/%40npmcli/package-json@2.0.0" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/kernel-headers@5.14.0-284.11.1.el9_2?arch=x86_64&distro=rhel-9.2&upstream=kernel-5.14.0-284.11.1.el9_2.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libidn2@2.3.0-7.el9?arch=x86_64&distro=rhel-9.2&upstream=libidn2-2.3.0-7.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/read@1.0.7" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/annobin@11.05-1.el9?arch=x86_64&distro=rhel-9.2&upstream=annobin-11.05-1.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/patch@2.7.6-16.el9?arch=x86_64&distro=rhel-9.2&upstream=patch-2.7.6-16.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/ignore-walk@5.0.1" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/npth@1.6-8.el9?arch=x86_64&distro=rhel-9.2&upstream=npth-1.6-8.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/libnpmpublish@6.0.5" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/safer-buffer@2.1.2" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/mpfr@4.1.0-7.el9?arch=x86_64&distro=rhel-9.2&upstream=mpfr-4.1.0-7.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-File-Find@1.37-480.el9" : { "evidence" : [ ] }, "pkg:npm/npm-install-checks@5.0.0" : { "concluded" : { "identifiers" : [ { "id" : "BSD-2-Clause", "name" : "BSD 2-Clause \"Simplified\" License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "BSD-2-Clause", "name" : "BSD 2-Clause \"Simplified\" License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "BSD-2-Clause", "name" : "BSD 2-Clause \"Simplified\" License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "BSD-2-Clause", "name" : "BSD 2-Clause \"Simplified\" License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/perl-AutoLoader@5.74-480.el9" : { "evidence" : [ ] }, "pkg:npm/fs-minipass@2.1.0" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64&distro=rhel-9.2&upstream=usermode-1.114-4.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-setuptools-53.0.0-12.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2" : { "evidence" : [ ] }, "pkg:rpm/redhat/elfutils-libelf@0.188-3.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64&distro=rhel-9.2&epoch=2&upstream=shadow-utils-4.9-6.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/ip-regex@4.3.0" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/archy@1.0.0" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/xorg-x11-proto-devel@2021.4-2.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/json-c@0.14-11.el9?arch=x86_64&distro=rhel-9.2&upstream=json-c-0.14-11.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/git@2.39.3-1.el9_2" : { "evidence" : [ ] }, "pkg:npm/spdx-correct@3.1.1" : { "concluded" : { "identifiers" : [ { "id" : "Apache-2.0", "name" : "Apache License 2.0", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "Apache-2.0", "name" : "Apache License 2.0", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "Apache-2.0", "name" : "Apache License 2.0", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "Apache-2.0", "name" : "Apache License 2.0", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libtalloc@2.3.4-1.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=openldap-2.6.2-3.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/gpg-pubkey@fd431d51-4ae0493b?distro=rhel-8.10" : { "evidence" : [ ] }, "pkg:rpm/redhat/lz4-libs@1.9.3-5.el9?arch=x86_64&distro=rhel-9.2&upstream=lz4-1.9.3-5.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libyaml@0.2.5-7.el9?arch=x86_64&distro=rhel-9.2&upstream=libyaml-0.2.5-7.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64&distro=rhel-9.2&upstream=httpd-2.4.53-11.el9_2.5.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/python3-chardet@4.0.0-5.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=dbus-1.12.20-7.el9_1.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/xml-common@0.6.3-58.el9?arch=noarch&distro=rhel-9.2&upstream=sgml-common-0.6.3-58.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libpsl@0.21.1-5.el9?arch=x86_64&distro=rhel-9.2&upstream=libpsl-0.21.1-5.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/opener@1.5.2" : { "concluded" : { "identifiers" : [ { "id" : "WTFPL", "name" : "Do What The F*ck You Want To Public License", "isDeprecated" : false, "isOsiApproved" : false, "isFsfLibre" : true, "category" : "UNKNOWN" }, { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "(WTFPL OR MIT)", "name" : "Do What The F*ck You Want To Public License OR MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "WTFPL", "name" : "Do What The F*ck You Want To Public License", "isDeprecated" : false, "isOsiApproved" : false, "isFsfLibre" : true, "category" : "UNKNOWN" }, { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "(WTFPL OR MIT)", "name" : "Do What The F*ck You Want To Public License OR MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/npm-bundled@1.1.2" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64&distro=rhel-9.2&upstream=libarchive-3.5.3-4.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch&distro=rhel-9.2&upstream=cmake-3.20.2-8.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libquadmath@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm" : { "evidence" : [ ] }, "pkg:pypi/six@1.15.0" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64&distro=rhel-9.2&upstream=nghttp2-1.43.0-5.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-setuptools-53.0.0-12.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2" : { "evidence" : [ ] }, "pkg:npm/minimatch@5.1.0" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libverto@0.3.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=libverto-0.3.2-3.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-Net-SSLeay@1.92-2.el9?arch=x86_64&distro=rhel-9.2&upstream=perl-Net-SSLeay-1.92-2.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/spdx-expression-parse@3.0.1" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/systemd-rpm-macros@252-13.el9_2" : { "evidence" : [ ] }, "pkg:npm/string-width@4.2.3" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:pypi/werkzeug@3.1.8" : { "concluded" : { "identifiers" : [ { "id" : "BSD-3-Clause", "name" : "BSD 3-Clause \"New\" or \"Revised\" License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "BSD-3-Clause", "name" : "BSD 3-Clause \"New\" or \"Revised\" License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "BSD-3-Clause", "name" : "BSD 3-Clause \"New\" or \"Revised\" License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "BSD-3-Clause", "name" : "BSD 3-Clause \"New\" or \"Revised\" License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64&distro=rhel-9.2&upstream=nss_wrapper-1.1.13-1.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/socks-proxy-agent@7.0.0" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libfdisk@2.37.4-10.el9" : { "evidence" : [ ] }, "pkg:npm/semver@7.3.7" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libselinux@3.5-1.el9?arch=x86_64&distro=rhel-9.2&upstream=libselinux-3.5-1.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-Data-Dumper@2.174-462.el9?arch=x86_64&distro=rhel-9.2&upstream=perl-Data-Dumper-2.174-462.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/string_decoder@1.3.0" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libxcrypt@4.4.18-3.el9?arch=x86_64&distro=rhel-9.2&upstream=libxcrypt-4.4.18-3.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/diff@5.1.0" : { "concluded" : { "identifiers" : [ { "id" : "BSD-3-Clause", "name" : "BSD 3-Clause \"New\" or \"Revised\" License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "BSD-3-Clause", "name" : "BSD 3-Clause \"New\" or \"Revised\" License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "BSD-3-Clause", "name" : "BSD 3-Clause \"New\" or \"Revised\" License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "BSD-3-Clause", "name" : "BSD 3-Clause \"New\" or \"Revised\" License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/langpacks-en@3.0-16.el9?arch=noarch&distro=rhel-9.2&upstream=langpacks-3.0-16.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64&distro=rhel-9.2&upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm" : { "evidence" : [ ] }, "pkg:npm/columnify@1.6.0" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/npm-packlist@5.1.3" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm" : { "evidence" : [ ] }, "pkg:npm/%40npmcli/ci-detect@2.0.0" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64&distro=rhel-9.2&upstream=procps-ng-3.3.17-11.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libverto-devel@0.3.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=libverto-0.3.2-3.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/nopt@5.0.0" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/fonts-srpm-macros@2.0.5-7.el9.1?arch=noarch&distro=rhel-9.2&epoch=1&upstream=fonts-rpm-macros-2.0.5-7.el9.1.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libevent@2.1.12-6.el9?arch=x86_64&distro=rhel-9.2&upstream=libevent-2.1.12-6.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/sed@4.8-9.el9?arch=x86_64&distro=rhel-9.2&upstream=sed-4.8-9.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/setup@2.13.7-9.el9?arch=noarch&distro=rhel-9.2&upstream=setup-2.13.7-9.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/jsonparse@1.3.1" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-pysocks-1.7.1-12.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64&distro=rhel-9.2&upstream=pygobject3-3.40.1-6.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libgpg-error@1.42-5.el9?arch=x86_64&distro=rhel-9.2&upstream=libgpg-error-1.42-5.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/rpm-build-libs@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/gzip@1.12-1.el9?arch=x86_64&distro=rhel-9.2&upstream=gzip-1.12-1.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/pcre2@10.40-2.el9?arch=x86_64&distro=rhel-9.2&upstream=pcre2-10.40-2.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/minipass-fetch@2.1.1" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/ssri@9.0.1" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libmodulemd@2.13.0-2.el9?arch=x86_64&distro=rhel-9.2&upstream=libmodulemd-2.13.0-2.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-Getopt-Long@2.52-4.el9?arch=noarch&distro=rhel-9.2&epoch=1&upstream=perl-Getopt-Long-2.52-4.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/iconv-lite@0.6.3" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/mailcap@2.1.49-5.el9?arch=noarch&distro=rhel-9.2&upstream=mailcap-2.1.49-5.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/fastest-levenshtein@1.0.12" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/krb5-libs@1.20.1-8.el9" : { "evidence" : [ ] }, "pkg:npm/npm-audit-report@3.0.0" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/negotiator@0.6.3" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libicu@67.1-9.el9?arch=x86_64&distro=rhel-9.2&upstream=icu-67.1-9.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/basesystem@11-13.el9?arch=noarch&distro=rhel-9.2&upstream=basesystem-11-13.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.2&upstream=gawk-5.1.0-6.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-Term-ANSIColor@5.01-461.el9?arch=noarch&distro=rhel-9.2&upstream=perl-Term-ANSIColor-5.01-461.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/concat-map@0.0.1" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/publicsuffix-list-dafsa@20210518-3.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/python3-librepo@1.14.5-1.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/systemd-pam@252-13.el9_2" : { "evidence" : [ ] }, "pkg:rpm/redhat/pcre2-syntax@10.40-2.el9?arch=noarch&distro=rhel-9.2&upstream=pcre2-10.40-2.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-srpm-macros@1-41.el9?arch=noarch&distro=rhel-9.2&upstream=perl-srpm-macros-1-41.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch&distro=rhel-9.2&upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64&distro=rhel-9.2&upstream=httpd-2.4.53-11.el9_2.5.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/which@2.21-28.el9?arch=x86_64&distro=rhel-9.2&upstream=which-2.21-28.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libsepol@3.5-1.el9?arch=x86_64&distro=rhel-9.2&upstream=libsepol-3.5-1.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/npm-normalize-package-bin@1.0.1" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/hunspell-filesystem@1.7.0-11.el9?arch=x86_64&distro=rhel-9.2&upstream=hunspell-1.7.0-11.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libtool-ltdl@2.4.6-45.el9?arch=x86_64&distro=rhel-9.2&upstream=libtool-2.4.6-45.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libgpg-error-devel@1.42-5.el9?arch=x86_64&distro=rhel-9.2&upstream=libgpg-error-1.42-5.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/libnpmhook@8.0.4" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/%40npmcli/metavuln-calculator@3.1.1" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64&distro=rhel-9.2&upstream=apr-util-1.6.1-20.el9_2.1.src.rpm" : { "evidence" : [ ] }, "pkg:npm/%40colors/colors@1.5.0" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/color-support@1.1.3" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/imurmurhash@0.1.4" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libxml2-2.9.13-3.el9_1.src.rpm" : { "evidence" : [ ] }, "pkg:npm/treeverse@2.0.0" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/audit-libs@3.0.7-103.el9?arch=x86_64&distro=rhel-9.2&upstream=audit-3.0.7-103.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libsolv@0.7.22-4.el9?arch=x86_64&distro=rhel-9.2&upstream=libsolv-0.7.22-4.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/read-package-json-fast@2.0.3" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/which@2.0.2" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/readdir-scoped-modules@1.1.0" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/balanced-match@1.0.2" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/cli-table3@0.6.2" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/gobject-introspection@1.68.0-11.el9?arch=x86_64&distro=rhel-9.2&upstream=gobject-introspection-1.68.0-11.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2" : { "evidence" : [ ] }, "pkg:rpm/redhat/gd-devel@2.3.2-3.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/libbrotli@1.0.9-6.el9?arch=x86_64&distro=rhel-9.2&upstream=brotli-1.0.9-6.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/hunspell-en@0.20140811.1-20.el9?arch=noarch&distro=rhel-9.2&upstream=hunspell-en-0.20140811.1-20.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-Digest-MD5@2.58-4.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-libnet@3.13-4.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64&distro=rhel-9.2&upstream=binutils-2.35.2-37.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/glibc-gconv-extra@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/dbus-common@1.12.20-7.el9_1" : { "evidence" : [ ] }, "pkg:npm/inflight@1.0.6" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/ghc-srpm-macros@1.5.0-6.el9" : { "evidence" : [ ] }, "pkg:npm/abbrev@1.1.1" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/brotli@1.0.9-6.el9?arch=x86_64&distro=rhel-9.2&upstream=brotli-1.0.9-6.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/p11-kit-trust@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1" : { "evidence" : [ ] }, "pkg:rpm/redhat/bsdtar@3.5.3-4.el9" : { "evidence" : [ ] }, "pkg:npm/ansi-regex@5.0.1" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libuv@1.42.0-1.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=libuv-1.42.0-1.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/signal-exit@3.0.7" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/python3@3.9.16-1.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/kmod-libs@28-7.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/python-srpm-macros@3.9-52.el9?arch=noarch&distro=rhel-9.2&upstream=python-rpm-macros-3.9-52.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch&distro=rhel-9.2&upstream=redhat-rpm-config-199-1.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/atlas@3.10.3-17.el9?arch=x86_64&distro=rhel-9.2&upstream=atlas-3.10.3-17.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64&distro=rhel-9.2&upstream=freetype-2.10.4-9.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch&distro=rhel-9.2&upstream=python-six-1.15.0-9.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/sqlite-devel@3.34.1-6.el9_1" : { "evidence" : [ ] }, "pkg:npm/%40npmcli/move-file@2.0.1" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/go-srpm-macros@3.2.0-1.el9?arch=noarch&distro=rhel-9.2&upstream=go-rpm-macros-3.2.0-1.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/json-parse-even-better-errors@2.3.1" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/minipass-flush@1.0.5" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/debug@4.3.4" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/%40npmcli/node-gyp@2.0.0" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libcom_err@1.46.5-3.el9?arch=x86_64&distro=rhel-9.2&upstream=e2fsprogs-1.46.5-3.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/environment-modules@5.0.1-2.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch&distro=rhel-9.2&upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm" : { "evidence" : [ ] }, "pkg:npm/has-unicode@2.0.1" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/agentkeepalive@4.2.1" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/defaults@1.0.3" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/dmidecode@3.3-7.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/glob@7.2.3" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/ocaml-srpm-macros@6-6.el9?arch=noarch&distro=rhel-9.2&upstream=ocaml-srpm-macros-6-6.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libxcrypt-devel@4.4.18-3.el9?arch=x86_64&distro=rhel-9.2&upstream=libxcrypt-4.4.18-3.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/atlas-devel@3.10.3-17.el9?arch=x86_64&distro=rhel-9.2&upstream=atlas-3.10.3-17.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/less@590-1.el9_0?arch=x86_64&distro=rhel-9.2&upstream=less-590-1.el9_0.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-Fcntl@1.13-480.el9" : { "evidence" : [ ] }, "pkg:npm/fs.realpath@1.0.0" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/keyutils-libs@1.6.3-1.el9?arch=x86_64&distro=rhel-9.2&upstream=keyutils-1.6.3-1.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/python3-gpg@1.15.1-6.el9?arch=x86_64&distro=rhel-9.2&upstream=gpgme-1.15.1-6.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch&distro=rhel-9.2&upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/pkgconf@1.7.3-10.el9?arch=x86_64&distro=rhel-9.2&upstream=pkgconf-1.7.3-10.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libedit@3.1-37.20210216cvs.el9?arch=x86_64&distro=rhel-9.2&upstream=libedit-3.1-37.20210216cvs.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/p-map@4.0.0" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:pypi/ethtool@0.15" : { "concluded" : { "identifiers" : [ { "id" : "GPL-2.0", "name" : "GNU General Public License v2.0 only", "isDeprecated" : true, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "STRONG_COPYLEFT" } ], "expression" : "GPL-2.0", "name" : "GNU General Public License v2.0 only", "category" : "STRONG_COPYLEFT", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "GPL-2.0", "name" : "GNU General Public License v2.0 only", "isDeprecated" : true, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "STRONG_COPYLEFT" } ], "expression" : "GPL-2.0", "name" : "GNU General Public License v2.0 only", "category" : "STRONG_COPYLEFT", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/inherits@2.0.4" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/promise-retry@2.0.1" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64&distro=rhel-9.2&upstream=icu-67.1-9.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/minizlib@2.1.2" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64&distro=rhel-9.2&upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/filesystem@3.16-2.el9?arch=x86_64&distro=rhel-9.2&upstream=filesystem-3.16-2.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9" : { "evidence" : [ ] }, "pkg:npm/libnpmfund@3.0.5" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/function-bind@1.1.1" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/subscription-manager-rhsm-certificates@20220623-1.el9?arch=noarch&distro=rhel-9.2&upstream=subscription-manager-rhsm-certificates-20220623-1.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/brace-expansion@1.1.11" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/pcre2-utf32@10.40-2.el9?arch=x86_64&distro=rhel-9.2&upstream=pcre2-10.40-2.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/pcre-cpp@8.44-3.el9.3?arch=x86_64&distro=rhel-9.2&upstream=pcre-8.44-3.el9.3.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/bash@5.1.8-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=bash-5.1.8-6.el9_1.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm" : { "evidence" : [ ] }, "pkg:pypi/setuptools@53.0.0" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/systemd-libs@252-13.el9_2" : { "evidence" : [ ] }, "pkg:pypi/subscription-manager@1.29.33.1" : { "evidence" : [ ] }, "pkg:rpm/redhat/coreutils-single@8.32-34.el9?arch=x86_64&distro=rhel-9.2&upstream=coreutils-8.32-34.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/librhsm@0.0.3-7.el9?arch=x86_64&distro=rhel-9.2&upstream=librhsm-0.0.3-7.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/strip-ansi@6.0.1" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/perl-Text-Tabs%2BWrap@2013.0523-460.el9?arch=noarch&distro=rhel-9.2&upstream=perl-Text-Tabs%2BWrap-2013.0523-460.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/python3-systemd@234-18.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/sqlite@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm" : { "evidence" : [ ] }, "pkg:pypi/idna@2.10" : { "concluded" : { "identifiers" : [ { "id" : "non-standard", "name" : "non-standard", "category" : "UNKNOWN" } ], "expression" : "non-standard", "name" : "non-standard", "category" : "UNKNOWN", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "non-standard", "name" : "non-standard", "category" : "UNKNOWN" } ], "expression" : "non-standard", "name" : "non-standard", "category" : "UNKNOWN", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/proc-log@2.0.1" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:pypi/gpg@1.15.1" : { "evidence" : [ ] }, "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/gdbm-libs@1.19-4.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gdbm-1.19-4.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libmount@2.37.4-10.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/nettle@3.8-3.el9_0?arch=x86_64&distro=rhel-9.2&upstream=nettle-3.8-3.el9_0.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9_2.1.src.rpm" : { "evidence" : [ ] } } } ] } pod: python-component-sukmsc-on-pull-request-g52js-tpa-scan-pod | container step-oci-attach-report: Using token for quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc Attaching tpa-report-amd64.json to quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:b4bae6cd649fa727918fa00bbf740a7fdd429feb319a7b56f28fed4c5c2b1901 [retry] executing: oras attach --no-tty --format go-template=\{\{.digest\}\} --registry-config /tmp/auth/config.json --artifact-type application/vnd.redhat.tpa-report+json quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:b4bae6cd649fa727918fa00bbf740a7fdd429feb319a7b56f28fed4c5c2b1901 tpa-report-amd64.json:application/vnd.redhat.tpa-report+json pod: python-component-sukmsc-on-pull-request-g52js-tpa-scan-pod | container step-conftest-vulnerabilities: [ { "filename": "/tekton/home/tpa-report-amd64.json", "namespace": "required_checks", "successes": 4, "warnings": [ { "msg": "Found 14 critical vulnerabilities.", "metadata": { "details": { "description": "Source: redhat-csaf. Affected dependencies: pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm [direct] (CVE-2024-12084), pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [direct] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [direct] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [direct] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [direct] (CVE-2023-39332), pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [direct] (CVE-2023-39332), pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [direct] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm [direct] (CVE-2023-38408), pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [direct] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm [direct] (CVE-2024-32002), pkg:rpm/redhat/nodejs-docs@16.19.1-1.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [direct] (CVE-2023-39332), pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [direct] (CVE-2024-3596), pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [direct] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [direct] (CVE-2024-3596), pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [direct] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/openssl-devel@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/nodejs@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-39332), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/nodejs@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-39332), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/openssh@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2023-38408), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/libwebp-devel@1.2.0-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libwebp-1.2.0-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-4863), pkg:rpm/redhat/libwebp@1.2.0-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libwebp-1.2.0-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-4863), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-38408), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/openssh@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-38408), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-32002), pkg:rpm/redhat/git-core@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-32002), pkg:rpm/redhat/perl-Git@2.39.3-1.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-32002), pkg:rpm/redhat/git-core-doc@2.39.3-1.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-32002), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/libwebp@1.2.0-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libwebp-1.2.0-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-4863), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/xml-common@0.6.3-58.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=sgml-common-0.6.3-58.el9.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796)", "name": "rhtpa_critical_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 14 } }, { "msg": "Found 266 high vulnerabilities.", "metadata": { "details": { "description": "Source: osv-github. Affected dependencies: pkg:pypi/setuptools@53.0.0 [direct] (CVE-2024-6345, CVE-2022-40897), pkg:npm/tar@6.1.11 [direct] (CVE-2026-23950, CVE-2026-24842, CVE-2026-26960), pkg:npm/ip@2.0.0 [direct] (CVE-2024-29415), pkg:npm/minimatch@5.1.0 [direct] (CVE-2026-27903, CVE-2026-27904), pkg:npm/semver@7.3.7 [direct] (CVE-2022-25883), pkg:npm/minimatch@3.1.2 [direct] (CVE-2026-27903, CVE-2026-27904), pkg:npm/npm@8.19.3 [direct] (CVE-2026-0775), pkg:pypi/urllib3@1.26.5 [transitive via pkg:pypi/requests@2.25.1] (CVE-2026-21441); Source: redhat-csaf. Affected dependencies: pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm [direct] (CVE-2024-12085), pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm [direct] (CVE-2023-43622, CVE-2023-45802, CVE-2024-27316, CVE-2025-49630), pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [direct] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [direct] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm [direct] (CVE-2025-27363), pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [direct] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [direct] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [direct] (CVE-2025-5914, CVE-2026-4111, CVE-2026-4424, CVE-2026-5121), pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [direct] (CVE-2023-32006, CVE-2022-4904, CVE-2023-32002, CVE-2024-21892, CVE-2024-21896, CVE-2025-23083, CVE-2025-6965, CVE-2021-35065, CVE-2022-25881, CVE-2022-25883, CVE-2023-23918, CVE-2023-23919, CVE-2023-24807, CVE-2023-30581, CVE-2023-30590, CVE-2023-32067, CVE-2023-32559, CVE-2023-38552, CVE-2023-39331, CVE-2023-44487, CVE-2024-22019, CVE-2024-27983, CVE-2025-23166, CVE-2025-59465, CVE-2026-1526, CVE-2026-1528, CVE-2026-21710, CVE-2026-2229, CVE-2026-27135, CVE-2024-22017, CVE-2025-3277, CVE-2026-1525, CVE-2025-55130, CVE-2025-55131, CVE-2023-30589, CVE-2025-31498), pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [direct] (CVE-2023-32006, CVE-2022-4904, CVE-2022-35255, CVE-2023-32002, CVE-2024-21892, CVE-2024-21896, CVE-2025-23083, CVE-2025-6965, CVE-2021-35065, CVE-2022-25881, CVE-2022-25883, CVE-2022-3517, CVE-2022-43548, CVE-2023-23918, CVE-2023-23919, CVE-2023-24807, CVE-2023-30581, CVE-2023-30590, CVE-2023-32067, CVE-2023-32559, CVE-2023-38552, CVE-2023-39331, CVE-2023-44487, CVE-2024-22019, CVE-2024-27983, CVE-2025-23166, CVE-2025-59465, CVE-2026-1526, CVE-2026-1528, CVE-2026-21710, CVE-2026-2229, CVE-2026-27135, CVE-2024-22017, CVE-2025-3277, CVE-2026-1525, CVE-2025-55130, CVE-2025-55131, CVE-2023-30589, CVE-2025-31498), pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [direct] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [direct] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm [direct] (CVE-2026-3497, CVE-2024-6387, CVE-2026-35385, CVE-2024-6409), pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [direct] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2025-59775, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm [direct] (CVE-2023-3899), pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm [direct] (CVE-2025-48385, CVE-2024-32004, CVE-2025-48384, CVE-2024-52005, CVE-2024-32465), pkg:rpm/redhat/nodejs-docs@16.19.1-1.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [direct] (CVE-2023-32006, CVE-2022-4904, CVE-2022-35255, CVE-2023-32002, CVE-2024-21892, CVE-2024-21896, CVE-2025-23083, CVE-2025-6965, CVE-2021-35065, CVE-2022-25881, CVE-2022-25883, CVE-2022-3517, CVE-2022-43548, CVE-2023-23918, CVE-2023-23919, CVE-2023-24807, CVE-2023-30581, CVE-2023-30590, CVE-2023-32067, CVE-2023-32559, CVE-2023-38552, CVE-2023-39331, CVE-2023-44487, CVE-2024-22019, CVE-2024-27983, CVE-2025-23166, CVE-2025-59465, CVE-2026-1526, CVE-2026-1528, CVE-2026-21710, CVE-2026-2229, CVE-2026-27135, CVE-2024-22017, CVE-2025-3277, CVE-2026-1525, CVE-2025-55130, CVE-2025-55131, CVE-2023-30589, CVE-2025-31498), pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [direct] (CVE-2023-2953), pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [direct] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm [direct] (CVE-2025-66418, CVE-2025-66471, CVE-2026-21441), pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [direct] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm [direct] (CVE-2025-1094, CVE-2025-12818), pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [direct] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm [direct] (CVE-2023-3899), pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [direct] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm [direct] (CVE-2023-3899), pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm [direct] (CVE-2024-55549, CVE-2025-24855, CVE-2025-7425, CVE-2025-7424), pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [direct] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/sqlite@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [direct] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm [direct] (CVE-2025-5222), pkg:rpm/redhat/glibc-locale-source@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [direct] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm [direct] (CVE-2023-47038), pkg:rpm/redhat/xz@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [direct] (CVE-2025-31115), pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [direct] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [direct] (CVE-2024-2961, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [direct] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [direct] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/sqlite-devel@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [direct] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/dmidecode@3.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dmidecode-3.3-7.el9.src.rpm [direct] (CVE-2023-30630), pkg:rpm/redhat/glibc-gconv-extra@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [direct] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/vim-minimal@8.2.2637-20.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=vim-8.2.2637-20.el9_1.src.rpm [direct] (CVE-2026-34982, CVE-2026-25749, CVE-2026-33412, CVE-2023-4752), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-devel@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/kernel-headers@5.14.0-284.11.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=kernel-5.14.0-284.11.1.el9_2.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-44466, CVE-2024-5154, CVE-2025-21927, CVE-2023-1652, CVE-2023-52922, CVE-2024-36971, CVE-2025-21756, CVE-2025-22020, CVE-2025-38052, CVE-2025-38087, CVE-2022-41723, CVE-2025-38471, CVE-2024-42284, CVE-2024-53104, CVE-2025-37750, CVE-2025-38250, CVE-2022-49846, CVE-2023-52933, CVE-2023-53751, CVE-2023-6606, CVE-2023-6610, CVE-2024-35937, CVE-2024-38538, CVE-2024-53150, CVE-2024-57947, CVE-2025-21887, CVE-2025-21893, CVE-2025-21920, CVE-2025-21969, CVE-2025-21979, CVE-2025-21993, CVE-2025-21997, CVE-2025-22026, CVE-2025-22055, CVE-2025-22058, CVE-2025-22104, CVE-2025-22113, CVE-2025-22121, CVE-2025-37738, CVE-2025-37799, CVE-2025-38264, CVE-2022-49977, CVE-2022-50066, CVE-2023-53047, CVE-2023-53107, CVE-2023-6932, CVE-2024-0646, CVE-2024-46858, CVE-2024-50154, CVE-2024-53141, CVE-2025-21727, CVE-2025-21764, CVE-2025-21867, CVE-2025-21919, CVE-2025-21926, CVE-2025-21966, CVE-2025-22004, CVE-2025-22126, CVE-2025-37797, CVE-2025-37803, CVE-2025-37890, CVE-2025-37914, CVE-2025-37943, CVE-2025-38079, CVE-2025-38086, CVE-2025-38124, CVE-2025-38177, CVE-2025-38200, CVE-2025-38332), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnupg2-2.3.3-2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2026-24882, CVE-2025-68973), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-5914, CVE-2026-4111, CVE-2026-4424, CVE-2026-5121), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-13601, CVE-2024-52533), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-0553, CVE-2024-0567), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/openldap-compat@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/emacs-filesystem@27.2-8.el9_2.1?arch=noarch\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=emacs-27.2-8.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2025-1244, CVE-2024-30205, CVE-2024-39331, CVE-2024-53920), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/vim-filesystem@8.2.2637-20.el9_1?arch=noarch\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=vim-8.2.2637-20.el9_1.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2026-34982, CVE-2026-25749, CVE-2026-33412, CVE-2023-4752), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2025-5914, CVE-2026-4111, CVE-2026-4424, CVE-2026-5121), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/libuv@1.42.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=libuv-1.42.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-24806), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2026-1312, CVE-2026-0980, CVE-2026-1207, CVE-2026-1287, CVE-2026-1530, CVE-2026-1531, CVE-2026-1961, CVE-2021-46877, CVE-2025-14550, CVE-2025-6176, CVE-2026-1285, CVE-2025-68121), pkg:rpm/redhat/python3-libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2026-1312, CVE-2026-0980, CVE-2026-1207, CVE-2026-1287, CVE-2026-1530, CVE-2026-1531, CVE-2026-1961, CVE-2021-46877, CVE-2025-14550, CVE-2025-6176, CVE-2026-1285, CVE-2025-68121), pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnupg2-2.3.3-2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2026-24882, CVE-2025-68973), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-5914, CVE-2026-4111, CVE-2026-4424, CVE-2026-5121), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-13601, CVE-2024-52533), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-0553, CVE-2024-0567), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/openldap-compat@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2023-5363, CVE-2026-28390, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pam-1.5.1-14.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2025-6020, CVE-2025-8941, CVE-2024-10963), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2025-13601, CVE-2024-52533), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2024-0553, CVE-2024-0567), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-5363, CVE-2026-28390, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pam-1.5.1-14.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2025-6020, CVE-2025-8941, CVE-2024-10963), pkg:rpm/redhat/systemd@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2026-29111), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2025-13601, CVE-2024-52533), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2024-0553, CVE-2024-0567), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-31486, CVE-2023-47038), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-5914, CVE-2026-4111, CVE-2026-4424, CVE-2026-5121), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/go-srpm-macros@3.2.0-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=go-rpm-macros-3.2.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-61726, CVE-2026-25679), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-47038), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2023-31486, CVE-2023-47038), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-AutoLoader@5.74-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-B@1.80-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-base@2.27-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2023-47038), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2023-47038), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2025-59775, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2025-59775, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2025-59775, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-5363, CVE-2026-28390, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-31486, CVE-2023-47038), pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pam-1.5.1-14.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-6020, CVE-2025-8941, CVE-2024-10963), pkg:rpm/redhat/systemd@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-29111), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/expat-devel@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-47038), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/graphite2@1.3.14-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=graphite2-1.3.14-9.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2017-5436), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/freetype@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2025-27363), pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2025-27363), pkg:rpm/redhat/libX11-common@1.7.0-7.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-43787, CVE-2023-3138), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libX11@1.7.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-43787, CVE-2023-3138), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2025-13601, CVE-2024-52533), pkg:rpm/redhat/glib2-devel@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2025-13601, CVE-2024-52533), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/libpng@1.6.37-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=libpng-1.6.37-12.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2026-33636, CVE-2026-33416, CVE-2025-64720, CVE-2025-65018, CVE-2025-66293, CVE-2026-25646), pkg:rpm/redhat/brotli-devel@1.0.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=brotli-1.0.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2025-6176), pkg:rpm/redhat/brotli@1.0.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=brotli-1.0.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2025-6176), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/harfbuzz-devel@2.7.4-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=harfbuzz-2.7.4-8.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-25193), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2024-0553, CVE-2024-0567), pkg:rpm/redhat/libbrotli@1.0.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=brotli-1.0.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2025-6176), pkg:rpm/redhat/harfbuzz-icu@2.7.4-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=harfbuzz-2.7.4-8.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-25193), pkg:rpm/redhat/harfbuzz@2.7.4-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=harfbuzz-2.7.4-8.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-25193), pkg:rpm/redhat/libpng-devel@1.6.37-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=libpng-1.6.37-12.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2025-64720, CVE-2025-65018, CVE-2025-66293, CVE-2026-25646), pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2025-5222), pkg:rpm/redhat/libicu@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2025-5222), pkg:rpm/redhat/pixman@0.40.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pixman-0.40.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2022-44638), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/openssl-devel@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2023-5363, CVE-2026-28390, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pam-1.5.1-14.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2025-6020, CVE-2025-8941, CVE-2024-10963), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/dmidecode@3.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dmidecode-3.3-7.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2023-30630), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2025-59775, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2025-5914, CVE-2026-4111, CVE-2026-4424, CVE-2026-5121), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-devel@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/kernel-headers@5.14.0-284.11.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=kernel-5.14.0-284.11.1.el9_2.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-44466, CVE-2024-5154, CVE-2025-21927, CVE-2023-1652, CVE-2023-52922, CVE-2024-36971, CVE-2025-21756, CVE-2025-22020, CVE-2025-38052, CVE-2025-38087, CVE-2022-41723, CVE-2025-38471, CVE-2024-42284, CVE-2024-53104, CVE-2025-37750, CVE-2025-38250, CVE-2022-49846, CVE-2023-52933, CVE-2023-53751, CVE-2023-6606, CVE-2023-6610, CVE-2024-35937, CVE-2024-38538, CVE-2024-53150, CVE-2024-57947, CVE-2025-21887, CVE-2025-21893, CVE-2025-21920, CVE-2025-21969, CVE-2025-21979, CVE-2025-21993, CVE-2025-21997, CVE-2025-22026, CVE-2025-22055, CVE-2025-22058, CVE-2025-22104, CVE-2025-22113, CVE-2025-22121, CVE-2025-37738, CVE-2025-37799, CVE-2025-38264, CVE-2022-49977, CVE-2022-50066, CVE-2023-53047, CVE-2023-53107, CVE-2023-6932, CVE-2024-0646, CVE-2024-46858, CVE-2024-50154, CVE-2024-53141, CVE-2025-21727, CVE-2025-21764, CVE-2025-21867, CVE-2025-21919, CVE-2025-21926, CVE-2025-21966, CVE-2025-22004, CVE-2025-22126, CVE-2025-37797, CVE-2025-37803, CVE-2025-37890, CVE-2025-37914, CVE-2025-37943, CVE-2025-38079, CVE-2025-38086, CVE-2025-38124, CVE-2025-38177, CVE-2025-38200, CVE-2025-38332), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnupg2-2.3.3-2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2026-24882, CVE-2025-68973), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2025-13601, CVE-2024-52533), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2024-0553, CVE-2024-0567), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/openldap-compat@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2025-5914, CVE-2026-4111, CVE-2026-4424, CVE-2026-5121), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2025-59775, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/nodejs@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-32006, CVE-2022-4904, CVE-2022-35255, CVE-2023-32002, CVE-2024-21892, CVE-2024-21896, CVE-2025-23083, CVE-2025-6965, CVE-2021-35065, CVE-2022-25881, CVE-2022-25883, CVE-2022-3517, CVE-2022-43548, CVE-2023-23918, CVE-2023-23919, CVE-2023-24807, CVE-2023-30581, CVE-2023-30590, CVE-2023-32067, CVE-2023-32559, CVE-2023-38552, CVE-2023-39331, CVE-2023-44487, CVE-2024-22019, CVE-2024-27983, CVE-2025-23166, CVE-2025-59465, CVE-2026-1526, CVE-2026-1528, CVE-2026-21710, CVE-2026-2229, CVE-2026-27135, CVE-2024-22017, CVE-2025-3277, CVE-2026-1525, CVE-2025-55130, CVE-2025-55131, CVE-2023-30589, CVE-2025-31498), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-5363, CVE-2026-28390, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/nodejs-libs@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-32006, CVE-2022-4904, CVE-2023-32002, CVE-2025-23083, CVE-2025-6965, CVE-2022-25881, CVE-2023-24807, CVE-2023-30581, CVE-2023-30590, CVE-2023-32067, CVE-2023-32559, CVE-2023-44487, CVE-2024-22019, CVE-2024-27983, CVE-2025-23166, CVE-2025-59465, CVE-2026-1526, CVE-2026-1528, CVE-2026-21710, CVE-2026-2229, CVE-2026-27135, CVE-2025-3277, CVE-2026-1525, CVE-2025-55130, CVE-2025-55131, CVE-2023-30589, CVE-2025-31498), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libbrotli@1.0.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=brotli-1.0.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2025-6176), pkg:rpm/redhat/nodejs@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-32006, CVE-2022-4904, CVE-2022-35255, CVE-2023-32002, CVE-2024-21892, CVE-2024-21896, CVE-2025-23083, CVE-2025-6965, CVE-2021-35065, CVE-2022-25881, CVE-2022-25883, CVE-2022-3517, CVE-2022-43548, CVE-2023-23918, CVE-2023-23919, CVE-2023-24807, CVE-2023-30581, CVE-2023-30590, CVE-2023-32067, CVE-2023-32559, CVE-2023-38552, CVE-2023-39331, CVE-2023-44487, CVE-2024-22019, CVE-2024-27983, CVE-2025-23166, CVE-2025-59465, CVE-2026-1526, CVE-2026-1528, CVE-2026-21710, CVE-2026-2229, CVE-2026-27135, CVE-2024-22017, CVE-2025-3277, CVE-2026-1525, CVE-2025-55130, CVE-2025-55131, CVE-2023-30589, CVE-2025-31498), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-5363, CVE-2026-28390, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/nodejs-libs@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-32006, CVE-2022-4904, CVE-2023-32002, CVE-2025-23083, CVE-2025-6965, CVE-2022-25881, CVE-2023-24807, CVE-2023-30581, CVE-2023-30590, CVE-2023-32067, CVE-2023-32559, CVE-2023-44487, CVE-2024-22019, CVE-2024-27983, CVE-2025-23166, CVE-2025-59465, CVE-2026-1526, CVE-2026-1528, CVE-2026-21710, CVE-2026-2229, CVE-2026-27135, CVE-2025-3277, CVE-2026-1525, CVE-2025-55130, CVE-2025-55131, CVE-2023-30589, CVE-2025-31498), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libbrotli@1.0.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=brotli-1.0.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2025-6176), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/less@590-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=less-590-1.el9_0.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2024-32487, CVE-2022-46663, CVE-2022-48624), pkg:rpm/redhat/vim-filesystem@8.2.2637-20.el9_1?arch=noarch\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=vim-8.2.2637-20.el9_1.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2026-34982, CVE-2026-25749, CVE-2026-33412, CVE-2023-4752), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2025-13601, CVE-2024-52533), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-0553, CVE-2024-0567), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/libicu@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2025-5222), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2026-1312, CVE-2026-0980, CVE-2026-1207, CVE-2026-1287, CVE-2026-1530, CVE-2026-1531, CVE-2026-1961, CVE-2021-46877, CVE-2025-14550, CVE-2025-6176, CVE-2026-1285, CVE-2025-68121), pkg:rpm/redhat/python3-libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2026-1312, CVE-2026-0980, CVE-2026-1207, CVE-2026-1287, CVE-2026-1530, CVE-2026-1531, CVE-2026-1961, CVE-2021-46877, CVE-2025-14550, CVE-2025-6176, CVE-2026-1285, CVE-2025-68121), pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnupg2-2.3.3-2.el9_0.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2026-24882, CVE-2025-68973), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-5914, CVE-2026-4111, CVE-2026-4424, CVE-2026-5121), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-13601, CVE-2024-52533), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-0553, CVE-2024-0567), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/openldap-compat@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2025-59775, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2023-5363, CVE-2026-28390, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/openssh@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2026-3497, CVE-2024-6387, CVE-2026-35385, CVE-2023-51767, CVE-2024-6409), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pam-1.5.1-14.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2025-6020, CVE-2025-8941, CVE-2024-10963), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnupg2-2.3.3-2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2026-24882, CVE-2025-68973), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-5914, CVE-2026-4111, CVE-2026-4424, CVE-2026-5121), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-13601, CVE-2024-52533), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-0553, CVE-2024-0567), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/openldap-compat@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2025-59775, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-5363, CVE-2026-28390, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pam-1.5.1-14.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-6020, CVE-2025-8941, CVE-2024-10963), pkg:rpm/redhat/systemd@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-29111), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/libbrotli@1.0.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=brotli-1.0.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-6176), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/less@590-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=less-590-1.el9_0.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2024-32487, CVE-2022-46663, CVE-2022-48624), pkg:rpm/redhat/vim-filesystem@8.2.2637-20.el9_1?arch=noarch\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=vim-8.2.2637-20.el9_1.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2026-34982, CVE-2026-25749, CVE-2026-33412, CVE-2023-4752), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2025-5914, CVE-2026-4111, CVE-2026-4424, CVE-2026-5121), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2026-1312, CVE-2026-0980, CVE-2026-1207, CVE-2026-1287, CVE-2026-1530, CVE-2026-1531, CVE-2026-1961, CVE-2021-46877, CVE-2025-14550, CVE-2025-6176, CVE-2026-1285, CVE-2025-68121), pkg:rpm/redhat/python3-libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2026-1312, CVE-2026-0980, CVE-2026-1207, CVE-2026-1287, CVE-2026-1530, CVE-2026-1531, CVE-2026-1961, CVE-2021-46877, CVE-2025-14550, CVE-2025-6176, CVE-2026-1285, CVE-2025-68121), pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnupg2-2.3.3-2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2026-24882, CVE-2025-68973), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-5914, CVE-2026-4111, CVE-2026-4424, CVE-2026-5121), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-13601, CVE-2024-52533), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-0553, CVE-2024-0567), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/openldap-compat@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnupg2-2.3.3-2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-24882, CVE-2025-68973), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/python3-cloud-what@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-3899), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-5914, CVE-2026-4111, CVE-2026-4424, CVE-2026-5121), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-0553, CVE-2024-0567), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/openldap-compat@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/dmidecode@3.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dmidecode-3.3-7.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-30630), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-devel@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/kernel-headers@5.14.0-284.11.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=kernel-5.14.0-284.11.1.el9_2.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-44466, CVE-2024-5154, CVE-2025-21927, CVE-2023-1652, CVE-2023-52922, CVE-2024-36971, CVE-2025-21756, CVE-2025-22020, CVE-2025-38052, CVE-2025-38087, CVE-2022-41723, CVE-2025-38471, CVE-2024-42284, CVE-2024-53104, CVE-2025-37750, CVE-2025-38250, CVE-2022-49846, CVE-2023-52933, CVE-2023-53751, CVE-2023-6606, CVE-2023-6610, CVE-2024-35937, CVE-2024-38538, CVE-2024-53150, CVE-2024-57947, CVE-2025-21887, CVE-2025-21893, CVE-2025-21920, CVE-2025-21969, CVE-2025-21979, CVE-2025-21993, CVE-2025-21997, CVE-2025-22026, CVE-2025-22055, CVE-2025-22058, CVE-2025-22104, CVE-2025-22113, CVE-2025-22121, CVE-2025-37738, CVE-2025-37799, CVE-2025-38264, CVE-2022-49977, CVE-2022-50066, CVE-2023-53047, CVE-2023-53107, CVE-2023-6932, CVE-2024-0646, CVE-2024-46858, CVE-2024-50154, CVE-2024-53141, CVE-2025-21727, CVE-2025-21764, CVE-2025-21867, CVE-2025-21919, CVE-2025-21926, CVE-2025-21966, CVE-2025-22004, CVE-2025-22126, CVE-2025-37797, CVE-2025-37803, CVE-2025-37890, CVE-2025-37914, CVE-2025-37943, CVE-2025-38079, CVE-2025-38086, CVE-2025-38124, CVE-2025-38177, CVE-2025-38200, CVE-2025-38332), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/libtiff-devel@4.4.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtiff-4.4.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-9900, CVE-2025-8176, CVE-2026-4775, CVE-2017-17095, CVE-2023-52355, CVE-2023-52356, CVE-2024-7006), pkg:rpm/redhat/graphite2@1.3.14-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=graphite2-1.3.14-9.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2017-5436), pkg:rpm/redhat/libtiff@4.4.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtiff-4.4.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-9900, CVE-2025-8176, CVE-2026-4775, CVE-2017-17095, CVE-2023-52355, CVE-2023-52356, CVE-2024-7006), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/freetype@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-27363), pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-27363), pkg:rpm/redhat/libX11-common@1.7.0-7.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-43787, CVE-2023-3138), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libX11-xcb@1.7.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-43787, CVE-2023-3138), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libX11-devel@1.7.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-43787, CVE-2023-3138), pkg:rpm/redhat/libX11@1.7.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-43787, CVE-2023-3138), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-13601, CVE-2024-52533), pkg:rpm/redhat/glib2-devel@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-13601, CVE-2024-52533), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/libpng@1.6.37-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=libpng-1.6.37-12.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2026-33636, CVE-2026-33416, CVE-2025-64720, CVE-2025-65018, CVE-2025-66293, CVE-2026-25646), pkg:rpm/redhat/brotli-devel@1.0.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=brotli-1.0.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-6176), pkg:rpm/redhat/brotli@1.0.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=brotli-1.0.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-6176), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/harfbuzz-devel@2.7.4-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=harfbuzz-2.7.4-8.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-25193), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-0553, CVE-2024-0567), pkg:rpm/redhat/libbrotli@1.0.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=brotli-1.0.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-6176), pkg:rpm/redhat/xz-devel@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/harfbuzz-icu@2.7.4-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=harfbuzz-2.7.4-8.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-25193), pkg:rpm/redhat/harfbuzz@2.7.4-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=harfbuzz-2.7.4-8.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-25193), pkg:rpm/redhat/libjpeg-turbo-devel@2.0.90-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libjpeg-turbo-2.0.90-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2021-29390), pkg:rpm/redhat/libpng-devel@1.6.37-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=libpng-1.6.37-12.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-64720, CVE-2025-65018, CVE-2025-66293, CVE-2026-25646), pkg:rpm/redhat/libjpeg-turbo@2.0.90-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libjpeg-turbo-2.0.90-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2021-29390), pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-5222), pkg:rpm/redhat/libicu@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-5222), pkg:rpm/redhat/pixman@0.40.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pixman-0.40.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2022-44638), pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2026-3497, CVE-2024-6387, CVE-2026-35385, CVE-2024-6409), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-5363, CVE-2026-28390, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/openssh@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2026-3497, CVE-2024-6387, CVE-2026-35385, CVE-2023-51767, CVE-2024-6409), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-48385, CVE-2024-32004, CVE-2025-48384, CVE-2024-52005, CVE-2024-32465), pkg:rpm/redhat/git-core@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-48385, CVE-2024-32004, CVE-2025-48384, CVE-2024-52005, CVE-2024-32465), pkg:rpm/redhat/perl-Git@2.39.3-1.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-48385, CVE-2024-32004, CVE-2025-48384, CVE-2024-52005, CVE-2024-32465), pkg:rpm/redhat/git-core-doc@2.39.3-1.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-48385, CVE-2024-32004, CVE-2025-48384, CVE-2024-52005, CVE-2024-32465), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/emacs-filesystem@27.2-8.el9_2.1?arch=noarch\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=emacs-27.2-8.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-1244, CVE-2024-30205, CVE-2024-39331, CVE-2024-53920), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/less@590-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=less-590-1.el9_0.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-32487, CVE-2022-46663, CVE-2022-48624), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-31486, CVE-2023-47038), pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pam-1.5.1-14.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-6020, CVE-2025-8941, CVE-2024-10963), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-lib@0.65-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-Find@1.37-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-DynaLoader@1.47-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-47038), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-devel@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/kernel-headers@5.14.0-284.11.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=kernel-5.14.0-284.11.1.el9_2.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-44466, CVE-2024-5154, CVE-2025-21927, CVE-2023-1652, CVE-2023-52922, CVE-2024-36971, CVE-2025-21756, CVE-2025-22020, CVE-2025-38052, CVE-2025-38087, CVE-2022-41723, CVE-2025-38471, CVE-2024-42284, CVE-2024-53104, CVE-2025-37750, CVE-2025-38250, CVE-2022-49846, CVE-2023-52933, CVE-2023-53751, CVE-2023-6606, CVE-2023-6610, CVE-2024-35937, CVE-2024-38538, CVE-2024-53150, CVE-2024-57947, CVE-2025-21887, CVE-2025-21893, CVE-2025-21920, CVE-2025-21969, CVE-2025-21979, CVE-2025-21993, CVE-2025-21997, CVE-2025-22026, CVE-2025-22055, CVE-2025-22058, CVE-2025-22104, CVE-2025-22113, CVE-2025-22121, CVE-2025-37738, CVE-2025-37799, CVE-2025-38264, CVE-2022-49977, CVE-2022-50066, CVE-2023-53047, CVE-2023-53107, CVE-2023-6932, CVE-2024-0646, CVE-2024-46858, CVE-2024-50154, CVE-2024-53141, CVE-2025-21727, CVE-2025-21764, CVE-2025-21867, CVE-2025-21919, CVE-2025-21926, CVE-2025-21966, CVE-2025-22004, CVE-2025-22126, CVE-2025-37797, CVE-2025-37803, CVE-2025-37890, CVE-2025-37914, CVE-2025-37943, CVE-2025-38079, CVE-2025-38086, CVE-2025-38124, CVE-2025-38177, CVE-2025-38200, CVE-2025-38332), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2025-13601, CVE-2024-52533), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-0553, CVE-2024-0567), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/libicu@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2025-5222), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-5363, CVE-2026-28390, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pam-1.5.1-14.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2025-6020, CVE-2025-8941, CVE-2024-10963), pkg:rpm/redhat/systemd@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2026-29111), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2026-1312, CVE-2026-0980, CVE-2026-1207, CVE-2026-1287, CVE-2026-1530, CVE-2026-1531, CVE-2026-1961, CVE-2021-46877, CVE-2025-14550, CVE-2025-6176, CVE-2026-1285, CVE-2025-68121), pkg:rpm/redhat/python3-libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2026-1312, CVE-2026-0980, CVE-2026-1207, CVE-2026-1287, CVE-2026-1530, CVE-2026-1531, CVE-2026-1961, CVE-2021-46877, CVE-2025-14550, CVE-2025-6176, CVE-2026-1285, CVE-2025-68121), pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnupg2-2.3.3-2.el9_0.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2026-24882, CVE-2025-68973), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-5914, CVE-2026-4111, CVE-2026-4424, CVE-2026-5121), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-13601, CVE-2024-52533), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-0553, CVE-2024-0567), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/openldap-compat@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2025-59775, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/libpq@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2025-1094, CVE-2025-12818), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/openldap-compat@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-1312, CVE-2026-0980, CVE-2026-1207, CVE-2026-1287, CVE-2026-1530, CVE-2026-1531, CVE-2026-1961, CVE-2021-46877, CVE-2025-14550, CVE-2025-6176, CVE-2026-1285, CVE-2025-68121), pkg:rpm/redhat/python3-libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-1312, CVE-2026-0980, CVE-2026-1207, CVE-2026-1287, CVE-2026-1530, CVE-2026-1531, CVE-2026-1961, CVE-2021-46877, CVE-2025-14550, CVE-2025-6176, CVE-2026-1285, CVE-2025-68121), pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnupg2-2.3.3-2.el9_0.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-24882, CVE-2025-68973), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-5914, CVE-2026-4111, CVE-2026-4424, CVE-2026-5121), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-13601, CVE-2024-52533), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-0553, CVE-2024-0567), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/openldap-compat@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-5363, CVE-2026-28390, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-1312, CVE-2026-0980, CVE-2026-1207, CVE-2026-1287, CVE-2026-1530, CVE-2026-1531, CVE-2026-1961, CVE-2021-46877, CVE-2025-14550, CVE-2025-6176, CVE-2026-1285, CVE-2025-68121), pkg:rpm/redhat/python3-libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-1312, CVE-2026-0980, CVE-2026-1207, CVE-2026-1287, CVE-2026-1530, CVE-2026-1531, CVE-2026-1961, CVE-2021-46877, CVE-2025-14550, CVE-2025-6176, CVE-2026-1285, CVE-2025-68121), pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnupg2-2.3.3-2.el9_0.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-24882, CVE-2025-68973), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pam-1.5.1-14.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-6020, CVE-2025-8941, CVE-2024-10963), pkg:rpm/redhat/systemd@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-29111), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-3899), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/python3-cloud-what@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-3899), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-5914, CVE-2026-4111, CVE-2026-4424, CVE-2026-5121), pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-3899), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-13601, CVE-2024-52533), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-0553, CVE-2024-0567), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/openldap-compat@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/dmidecode@3.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dmidecode-3.3-7.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-30630), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/graphite2@1.3.14-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=graphite2-1.3.14-9.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2017-5436), pkg:rpm/redhat/libtiff@4.4.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtiff-4.4.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-9900, CVE-2025-8176, CVE-2026-4775, CVE-2017-17095, CVE-2023-52355, CVE-2023-52356, CVE-2024-7006), pkg:rpm/redhat/freetype@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-27363), pkg:rpm/redhat/libX11-common@1.7.0-7.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-43787, CVE-2023-3138), pkg:rpm/redhat/libX11@1.7.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-43787, CVE-2023-3138), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-13601, CVE-2024-52533), pkg:rpm/redhat/libpng@1.6.37-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=libpng-1.6.37-12.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2026-33636, CVE-2026-33416, CVE-2025-64720, CVE-2025-65018, CVE-2025-66293, CVE-2026-25646), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-0553, CVE-2024-0567), pkg:rpm/redhat/libbrotli@1.0.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=brotli-1.0.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-6176), pkg:rpm/redhat/harfbuzz@2.7.4-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=harfbuzz-2.7.4-8.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-25193), pkg:rpm/redhat/libjpeg-turbo@2.0.90-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libjpeg-turbo-2.0.90-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2021-29390), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libxslt@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2024-55549, CVE-2025-24855, CVE-2025-7425, CVE-2025-7424), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/xz-devel@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2023-31486, CVE-2023-47038), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2023-47038), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/xml-common@0.6.3-58.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=sgml-common-0.6.3-58.el9.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xml-common@0.6.3-58.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=sgml-common-0.6.3-58.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xml-common@0.6.3-58.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=sgml-common-0.6.3-58.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xml-common@0.6.3-58.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=sgml-common-0.6.3-58.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xml-common@0.6.3-58.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=sgml-common-0.6.3-58.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/xml-common@0.6.3-58.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=sgml-common-0.6.3-58.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/xml-common@0.6.3-58.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=sgml-common-0.6.3-58.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/xml-common@0.6.3-58.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=sgml-common-0.6.3-58.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/xz-devel@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/json-c@0.14-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=json-c-0.14-11.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/json-c@0.14-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=json-c-0.14-11.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/json-c@0.14-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=json-c-0.14-11.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/json-c@0.14-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=json-c-0.14-11.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/json-c@0.14-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=json-c-0.14-11.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/json-c@0.14-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=json-c-0.14-11.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/sqlite@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/atlas-devel@3.10.3-17.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=atlas-3.10.3-17.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/atlas-devel@3.10.3-17.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=atlas-3.10.3-17.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/atlas-devel@3.10.3-17.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=atlas-3.10.3-17.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/atlas-devel@3.10.3-17.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=atlas-3.10.3-17.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/atlas-devel@3.10.3-17.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=atlas-3.10.3-17.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/atlas-devel@3.10.3-17.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=atlas-3.10.3-17.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libicu@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm [transitive via pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm] (CVE-2025-5222), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-locale-source@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-locale-source@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-locale-source@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-locale-source@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-locale-source@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-locale-source@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2023-31486, CVE-2023-47038), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-base@2.27-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2023-47038), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-US@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-US@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-US@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-US@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-US@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-US@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/pcre-cpp@8.44-3.el9.3?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pcre-8.44-3.el9.3.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/pcre-cpp@8.44-3.el9.3?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pcre-8.44-3.el9.3.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/pcre-cpp@8.44-3.el9.3?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pcre-8.44-3.el9.3.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/pcre-cpp@8.44-3.el9.3?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pcre-8.44-3.el9.3.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/pcre-cpp@8.44-3.el9.3?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pcre-8.44-3.el9.3.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/pcre-cpp@8.44-3.el9.3?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pcre-8.44-3.el9.3.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2023-31486, CVE-2023-47038), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2023-47038), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/apr-devel@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/apr-devel@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/apr-devel@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/apr-devel@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/apr-devel@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/apr-devel@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libstdc%2B%2B-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libstdc%2B%2B-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libstdc%2B%2B-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libstdc%2B%2B-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libstdc%2B%2B-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libstdc%2B%2B-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xz@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xz@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xz@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xz@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/xz@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/xz@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/xz@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper-libs@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper-libs@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper-libs@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper-libs@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper-libs@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper-libs@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-31486, CVE-2023-47038), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-47038), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/emacs-filesystem@27.2-8.el9_2.1?arch=noarch\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=emacs-27.2-8.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-1244, CVE-2024-30205, CVE-2024-39331, CVE-2024-53920), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2023-31486, CVE-2023-47038), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-Compare@1.100.600-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-B@1.80-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-Find@1.37-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-DynaLoader@1.47-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2023-47038), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libdb-devel@5.3.28-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdb-5.3.28-53.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libdb-devel@5.3.28-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdb-5.3.28-53.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libdb-devel@5.3.28-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdb-5.3.28-53.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libdb-devel@5.3.28-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdb-5.3.28-53.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libdb-devel@5.3.28-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdb-5.3.28-53.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libdb-devel@5.3.28-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdb-5.3.28-53.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/file@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/file@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/file@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/file@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/file@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/file@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libverto-devel@0.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libverto-0.3.2-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libverto-devel@0.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libverto-0.3.2-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libverto-devel@0.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libverto-0.3.2-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libverto-devel@0.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libverto-0.3.2-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libverto-devel@0.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libverto-0.3.2-3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libverto-devel@0.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libverto-0.3.2-3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/patch@2.7.6-16.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=patch-2.7.6-16.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/patch@2.7.6-16.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=patch-2.7.6-16.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/patch@2.7.6-16.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=patch-2.7.6-16.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/patch@2.7.6-16.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=patch-2.7.6-16.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/patch@2.7.6-16.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=patch-2.7.6-16.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/patch@2.7.6-16.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=patch-2.7.6-16.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/wget@1.21.1-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=wget-1.21.1-7.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/wget@1.21.1-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=wget-1.21.1-7.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/wget@1.21.1-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=wget-1.21.1-7.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/wget@1.21.1-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=wget-1.21.1-7.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/wget@1.21.1-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=wget-1.21.1-7.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/wget@1.21.1-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=wget-1.21.1-7.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/wget@1.21.1-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=wget-1.21.1-7.el9.src.rpm] (CVE-2024-0553, CVE-2024-0567), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-31486, CVE-2023-47038), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-47038), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/bzip2@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/bzip2@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/bzip2@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/bzip2@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/bzip2@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/bzip2@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libgpg-error-devel@1.42-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgpg-error-1.42-5.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libgpg-error-devel@1.42-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgpg-error-1.42-5.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libgpg-error-devel@1.42-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgpg-error-1.42-5.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libgpg-error-devel@1.42-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgpg-error-1.42-5.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libgpg-error-devel@1.42-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgpg-error-1.42-5.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libgpg-error-devel@1.42-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgpg-error-1.42-5.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpsl@0.21.1-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpsl-0.21.1-5.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpsl@0.21.1-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpsl-0.21.1-5.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpsl@0.21.1-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpsl-0.21.1-5.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpsl@0.21.1-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpsl-0.21.1-5.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libpsl@0.21.1-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpsl-0.21.1-5.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libpsl@0.21.1-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpsl-0.21.1-5.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libtool-ltdl@2.4.6-45.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtool-2.4.6-45.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libtool-ltdl@2.4.6-45.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtool-2.4.6-45.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libtool-ltdl@2.4.6-45.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtool-2.4.6-45.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libtool-ltdl@2.4.6-45.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtool-2.4.6-45.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libtool-ltdl@2.4.6-45.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtool-2.4.6-45.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libtool-ltdl@2.4.6-45.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtool-2.4.6-45.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-31486, CVE-2023-47038), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-47038), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2023-31486, CVE-2023-47038), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2023-47038), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-gdbserver@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-gdbserver@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-gdbserver@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-gdbserver@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-gdbserver@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-gdbserver@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libipt@2.0.4-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libipt-2.0.4-5.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libipt@2.0.4-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libipt-2.0.4-5.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libipt@2.0.4-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libipt-2.0.4-5.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libipt@2.0.4-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libipt-2.0.4-5.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libipt@2.0.4-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libipt-2.0.4-5.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libipt@2.0.4-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libipt-2.0.4-5.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libcom_err-devel@1.46.5-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=e2fsprogs-1.46.5-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libcom_err-devel@1.46.5-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=e2fsprogs-1.46.5-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libcom_err-devel@1.46.5-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=e2fsprogs-1.46.5-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libcom_err-devel@1.46.5-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=e2fsprogs-1.46.5-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libcom_err-devel@1.46.5-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=e2fsprogs-1.46.5-3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libcom_err-devel@1.46.5-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=e2fsprogs-1.46.5-3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxcrypt-compat@4.4.18-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxcrypt-4.4.18-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxcrypt-compat@4.4.18-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxcrypt-4.4.18-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxcrypt-compat@4.4.18-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxcrypt-4.4.18-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxcrypt-compat@4.4.18-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxcrypt-4.4.18-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libxcrypt-compat@4.4.18-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxcrypt-4.4.18-3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libxcrypt-compat@4.4.18-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxcrypt-4.4.18-3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpath_utils@0.2.1-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ding-libs-0.6.1-53.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpath_utils@0.2.1-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ding-libs-0.6.1-53.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpath_utils@0.2.1-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ding-libs-0.6.1-53.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpath_utils@0.2.1-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ding-libs-0.6.1-53.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libpath_utils@0.2.1-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ding-libs-0.6.1-53.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libpath_utils@0.2.1-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ding-libs-0.6.1-53.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/boost-regex@1.75.0-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=boost-1.75.0-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/boost-regex@1.75.0-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=boost-1.75.0-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/boost-regex@1.75.0-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=boost-1.75.0-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/boost-regex@1.75.0-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=boost-1.75.0-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/boost-regex@1.75.0-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=boost-1.75.0-8.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/boost-regex@1.75.0-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=boost-1.75.0-8.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libicu@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm [transitive via pkg:rpm/redhat/boost-regex@1.75.0-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=boost-1.75.0-8.el9.src.rpm] (CVE-2025-5222), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xorg-x11-proto-devel@2021.4-2.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=xorg-x11-proto-devel-2021.4-2.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xorg-x11-proto-devel@2021.4-2.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=xorg-x11-proto-devel-2021.4-2.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xorg-x11-proto-devel@2021.4-2.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=xorg-x11-proto-devel-2021.4-2.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xorg-x11-proto-devel@2021.4-2.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=xorg-x11-proto-devel-2021.4-2.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/xorg-x11-proto-devel@2021.4-2.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=xorg-x11-proto-devel-2021.4-2.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/xorg-x11-proto-devel@2021.4-2.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=xorg-x11-proto-devel-2021.4-2.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libtalloc@2.3.4-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtalloc-2.3.4-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libtalloc@2.3.4-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtalloc-2.3.4-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libtalloc@2.3.4-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtalloc-2.3.4-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libtalloc@2.3.4-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtalloc-2.3.4-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libtalloc@2.3.4-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtalloc-2.3.4-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libtalloc@2.3.4-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtalloc-2.3.4-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/m4@1.4.19-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=m4-1.4.19-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/m4@1.4.19-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=m4-1.4.19-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/m4@1.4.19-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=m4-1.4.19-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/m4@1.4.19-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=m4-1.4.19-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/m4@1.4.19-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=m4-1.4.19-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/m4@1.4.19-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=m4-1.4.19-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/libX11-devel@1.7.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2023-43787, CVE-2023-3138), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libX11-xcb@1.7.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2023-43787, CVE-2023-3138), pkg:rpm/redhat/libX11-common@1.7.0-7.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2023-43787, CVE-2023-3138), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libX11@1.7.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2023-43787, CVE-2023-3138), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/source-highlight@3.1.9-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=source-highlight-3.1.9-11.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/source-highlight@3.1.9-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=source-highlight-3.1.9-11.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/source-highlight@3.1.9-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=source-highlight-3.1.9-11.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/source-highlight@3.1.9-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=source-highlight-3.1.9-11.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/source-highlight@3.1.9-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=source-highlight-3.1.9-11.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/source-highlight@3.1.9-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=source-highlight-3.1.9-11.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libicu@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm [transitive via pkg:rpm/redhat/source-highlight@3.1.9-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=source-highlight-3.1.9-11.el9.src.rpm] (CVE-2025-5222), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-31.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=rootfiles-8.1-31.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-31.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=rootfiles-8.1-31.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-31.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=rootfiles-8.1-31.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-31.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=rootfiles-8.1-31.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-31.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=rootfiles-8.1-31.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-31.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=rootfiles-8.1-31.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hostname@3.23-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=hostname-3.23-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hostname@3.23-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=hostname-3.23-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hostname@3.23-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=hostname-3.23-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hostname@3.23-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=hostname-3.23-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/hostname@3.23-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=hostname-3.23-6.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/hostname@3.23-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=hostname-3.23-6.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2025-13601, CVE-2024-52533), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2024-0553, CVE-2024-0567), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite-devel@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite-devel@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite-devel@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite-devel@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite-devel@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite-devel@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/sqlite-devel@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/sqlite-devel@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dmidecode@3.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dmidecode-3.3-7.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dmidecode@3.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dmidecode-3.3-7.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dmidecode@3.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dmidecode-3.3-7.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dmidecode@3.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dmidecode-3.3-7.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/dmidecode@3.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dmidecode-3.3-7.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/dmidecode@3.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dmidecode-3.3-7.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/emacs-filesystem@27.2-8.el9_2.1?arch=noarch\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=emacs-27.2-8.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-1244, CVE-2024-30205, CVE-2024-39331, CVE-2024-53920), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2023-31486, CVE-2023-47038), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-Compare@1.100.600-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-B@1.80-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-Find@1.37-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-DynaLoader@1.47-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2023-47038), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/keyutils-libs-devel@1.6.3-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=keyutils-1.6.3-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/keyutils-libs-devel@1.6.3-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=keyutils-1.6.3-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/keyutils-libs-devel@1.6.3-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=keyutils-1.6.3-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/keyutils-libs-devel@1.6.3-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=keyutils-1.6.3-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/keyutils-libs-devel@1.6.3-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=keyutils-1.6.3-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/keyutils-libs-devel@1.6.3-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=keyutils-1.6.3-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2025-13601, CVE-2024-52533), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2024-0553, CVE-2024-0567), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-GB@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-GB@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-GB@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-GB@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-GB@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-GB@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2023-31486, CVE-2023-47038), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2023-47038), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/llvm-libs@15.0.7-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=llvm-15.0.7-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/llvm-libs@15.0.7-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=llvm-15.0.7-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/llvm-libs@15.0.7-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=llvm-15.0.7-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/llvm-libs@15.0.7-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=llvm-15.0.7-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/llvm-libs@15.0.7-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=llvm-15.0.7-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/llvm-libs@15.0.7-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=llvm-15.0.7-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/tar@1.34-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=tar-1.34-6.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/tar@1.34-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=tar-1.34-6.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/tar@1.34-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=tar-1.34-6.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/tar@1.34-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=tar-1.34-6.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/tar@1.34-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=tar-1.34-6.el9_1.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/tar@1.34-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=tar-1.34-6.el9_1.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/annobin@11.05-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=annobin-11.05-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/annobin@11.05-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=annobin-11.05-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/annobin@11.05-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=annobin-11.05-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/annobin@11.05-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=annobin-11.05-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/annobin@11.05-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=annobin-11.05-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/annobin@11.05-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=annobin-11.05-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-gconv-extra@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-gconv-extra@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-gconv-extra@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-gconv-extra@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-gconv-extra@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-gconv-extra@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/vim-minimal@8.2.2637-20.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=vim-8.2.2637-20.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/vim-minimal@8.2.2637-20.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=vim-8.2.2637-20.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/vim-minimal@8.2.2637-20.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=vim-8.2.2637-20.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/vim-minimal@8.2.2637-20.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=vim-8.2.2637-20.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/vim-minimal@8.2.2637-20.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=vim-8.2.2637-20.el9_1.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/vim-minimal@8.2.2637-20.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=vim-8.2.2637-20.el9_1.src.rpm] (CVE-2023-29491, CVE-2025-69720)", "name": "rhtpa_high_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 266 } }, { "msg": "Found 372 medium vulnerabilities.", "metadata": { "details": { "description": "Source: osv-github. Affected dependencies: pkg:npm/tar@6.1.11 [direct] (CVE-2024-28863), pkg:pypi/requests@2.25.1 [direct] (CVE-2023-32681, CVE-2024-35195, CVE-2024-47081, CVE-2026-25645), pkg:npm/brace-expansion@1.1.11 [direct] (CVE-2026-33750), pkg:npm/brace-expansion@2.0.1 [direct] (CVE-2026-33750), pkg:pypi/idna@2.10 [direct] (CVE-2024-3651), pkg:pypi/pip@21.2.3 [direct] (CVE-2023-5752), pkg:pypi/pip@21.3.1 [transitive via pkg:pypi/setuptools@53.0.0] (CVE-2023-5752), pkg:pypi/urllib3@1.26.5 [transitive via pkg:pypi/requests@2.25.1] (CVE-2023-43804, CVE-2025-50181, CVE-2024-37891, CVE-2023-45803), pkg:pypi/idna@2.10 [transitive via pkg:pypi/requests@2.25.1] (CVE-2024-3651); Source: redhat-csaf. Affected dependencies: pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [direct] (CVE-2020-11023), pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm [direct] (CVE-2023-34969), pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm [direct] (CVE-2024-12087, CVE-2024-12088, CVE-2024-12086, CVE-2024-12747, CVE-2025-10158), pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [direct] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [direct] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [direct] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm [direct] (CVE-2022-4285, CVE-2025-11082, CVE-2025-11083, CVE-2025-5244), pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [direct] (CVE-2020-11023), pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [direct] (CVE-2024-57970, CVE-2025-25724), pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [direct] (CVE-2025-22150, CVE-2024-21891, CVE-2023-23936, CVE-2024-22020, CVE-2024-22025, CVE-2024-28863, CVE-2025-23167, CVE-2026-1527, CVE-2026-21712, CVE-2026-25547, CVE-2026-26996, CVE-2026-27904, CVE-2024-27982, CVE-2023-31147, CVE-2023-46809, CVE-2025-59466, CVE-2026-21637, CVE-2026-21713, CVE-2026-21717, CVE-2026-2581, CVE-2023-31130, CVE-2023-30588, CVE-2023-39333, CVE-2024-28182, CVE-2025-23085, CVE-2025-55132, CVE-2026-21714, CVE-2026-21711, CVE-2024-21890, CVE-2024-25629, CVE-2023-23920), pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [direct] (CVE-2025-22150, CVE-2024-21891, CVE-2022-35256, CVE-2023-23936, CVE-2024-22020, CVE-2024-22025, CVE-2024-28863, CVE-2025-23167, CVE-2026-1527, CVE-2026-21712, CVE-2026-25547, CVE-2026-26996, CVE-2026-27904, CVE-2024-27982, CVE-2023-31147, CVE-2023-46809, CVE-2025-59466, CVE-2026-21637, CVE-2026-21713, CVE-2026-21717, CVE-2026-2581, CVE-2023-31130, CVE-2023-30588, CVE-2023-39333, CVE-2024-28182, CVE-2025-23085, CVE-2026-21714, CVE-2026-21711, CVE-2024-21890, CVE-2024-25629, CVE-2023-23920), pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm [direct] (CVE-2023-2727, CVE-2023-2728), pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm [direct] (CVE-2021-3826), pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [direct] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [direct] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm [direct] (CVE-2025-26465, CVE-2023-51385, CVE-2023-48795, CVE-2025-61984, CVE-2025-61985, CVE-2026-35414, CVE-2025-32728), pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [direct] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [direct] (CVE-2020-11023), pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm [direct] (CVE-2025-27614, CVE-2024-52006, CVE-2025-27613), pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [direct] (CVE-2007-4559), pkg:rpm/redhat/nodejs-docs@16.19.1-1.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [direct] (CVE-2025-22150, CVE-2024-21891, CVE-2022-35256, CVE-2023-23936, CVE-2024-22020, CVE-2024-22025, CVE-2024-28863, CVE-2025-23167, CVE-2026-1527, CVE-2026-21712, CVE-2026-25547, CVE-2026-26996, CVE-2026-27904, CVE-2024-27982, CVE-2023-31147, CVE-2023-46809, CVE-2025-59466, CVE-2026-21637, CVE-2026-21713, CVE-2026-21717, CVE-2026-2581, CVE-2023-31130, CVE-2023-30588, CVE-2023-39333, CVE-2024-28182, CVE-2025-23085, CVE-2025-55132, CVE-2026-21714, CVE-2026-21711, CVE-2024-21890, CVE-2024-25629, CVE-2023-23920), pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [direct] (CVE-2020-11023), pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm [direct] (CVE-2021-3826), pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [direct] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm [direct] (CVE-2024-7143, CVE-2023-43804, CVE-2024-37891, CVE-2023-45803), pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [direct] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [direct] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576, CVE-2026-40355, CVE-2026-40356), pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [direct] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm [direct] (CVE-2023-40403), pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [direct] (CVE-2023-39615, CVE-2025-9714, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2025-32414), pkg:rpm/redhat/glibc-locale-source@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [direct] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [direct] (CVE-2023-4641), pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm [direct] (CVE-2025-40909), pkg:rpm/redhat/apr-devel@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm [direct] (CVE-2022-24963), pkg:rpm/redhat/libstdc%2B%2B-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [direct] (CVE-2020-11023), pkg:rpm/redhat/xz@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [direct] (CVE-2026-34743), pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [direct] (CVE-2025-40909), pkg:rpm/redhat/file@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm [direct] (CVE-2022-48554), pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [direct] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/wget@1.21.1-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=wget-1.21.1-7.el9.src.rpm [direct] (CVE-2024-38428), pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [direct] (CVE-2025-40909), pkg:rpm/redhat/bzip2@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [direct] (CVE-2019-12900), pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [direct] (CVE-2025-40909), pkg:rpm/redhat/gdb-gdbserver@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm [direct] (CVE-2021-3826), pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm [direct] (CVE-2023-43788, CVE-2023-43789), pkg:rpm/redhat/tar@1.34-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=tar-1.34-6.el9_1.src.rpm [direct] (CVE-2025-45582), pkg:rpm/redhat/glibc-gconv-extra@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [direct] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/vim-minimal@8.2.2637-20.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=vim-8.2.2637-20.el9_1.src.rpm [direct] (CVE-2021-3903, CVE-2026-28421, CVE-2026-28417, CVE-2025-53905, CVE-2025-53906), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-devel@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/kernel-headers@5.14.0-284.11.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=kernel-5.14.0-284.11.1.el9_2.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-50616, CVE-2024-56614, CVE-2024-56615, CVE-2025-21883, CVE-2025-21928, CVE-2025-21929, CVE-2025-21991, CVE-2025-22085, CVE-2021-47383, CVE-2025-21759, CVE-2023-28746, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2024-21823, CVE-2025-21999, CVE-2025-38350, CVE-2024-46695, CVE-2024-50275, CVE-2024-42292, CVE-2024-50302, CVE-2022-49395, CVE-2023-5090, CVE-2024-26664, CVE-2024-50264, CVE-2025-38110, CVE-2024-53122, CVE-2024-53197, CVE-2024-36941, CVE-2024-38627, CVE-2022-50042, CVE-2023-1074, CVE-2023-45862, CVE-2023-52490, CVE-2023-52658, CVE-2023-53597, CVE-2023-53704, CVE-2023-54004, CVE-2023-54093, CVE-2023-54271, CVE-2023-7192, CVE-2024-0443, CVE-2024-26615, CVE-2024-26878, CVE-2024-27046, CVE-2024-27052, CVE-2024-35789, CVE-2024-35852, CVE-2024-35890, CVE-2024-35907, CVE-2024-35952, CVE-2024-35989, CVE-2024-39483, CVE-2024-40959, CVE-2024-41035, CVE-2024-41064, CVE-2024-42079, CVE-2024-42272, CVE-2024-42283, CVE-2024-42322, CVE-2024-43854, CVE-2024-44990, CVE-2024-44994, CVE-2024-45018, CVE-2024-46713, CVE-2024-46824, CVE-2024-49949, CVE-2024-50208, CVE-2024-50251, CVE-2024-50252, CVE-2024-53113, CVE-2025-21669, CVE-2025-21962, CVE-2025-21963, CVE-2025-21964, CVE-2025-37785, CVE-2025-38234, CVE-2023-52448, CVE-2023-53755, CVE-2024-47745, CVE-2024-53088, CVE-2025-21961, CVE-2025-22036, CVE-2025-38417, CVE-2023-52771, CVE-2023-52864, CVE-2024-26855, CVE-2024-35845, CVE-2024-36922, CVE-2024-38555, CVE-2024-38556, CVE-2024-43855, CVE-2024-46826, CVE-2024-26897, CVE-2024-38586), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/cpp@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/gcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libquadmath@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libgomp@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-4285, CVE-2025-11082, CVE-2025-11083, CVE-2025-5244), pkg:rpm/redhat/binutils@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-4285, CVE-2025-11081, CVE-2025-11082, CVE-2025-11083, CVE-2025-11413, CVE-2025-5244), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-39615, CVE-2026-6732, CVE-2025-9714, CVE-2026-1757, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2026-0990, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnupg2-2.3.3-2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-68972), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-27535, CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-60753, CVE-2024-57970, CVE-2025-25724), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-32611, CVE-2023-32665, CVE-2025-14512, CVE-2023-29499, CVE-2025-14087, CVE-2025-4373), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/rpm@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/file-libs@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2022-48554), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-39615, CVE-2026-6732, CVE-2025-9714, CVE-2026-1757, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2026-0990, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/emacs-filesystem@27.2-8.el9_2.1?arch=noarch\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=emacs-27.2-8.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-30203, CVE-2024-30204), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/vim-filesystem@8.2.2637-20.el9_1?arch=noarch\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=vim-8.2.2637-20.el9_1.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2021-3903, CVE-2026-28421, CVE-2026-28417, CVE-2025-53905, CVE-2025-53906), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-27535, CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2025-60753, CVE-2024-57970, CVE-2025-25724), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/rpm@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-39615, CVE-2026-6732, CVE-2025-9714, CVE-2026-1757, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2026-0990, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-28863, CVE-2026-4324), pkg:rpm/redhat/python3-libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-28863, CVE-2026-4324), pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnupg2-2.3.3-2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-68972), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-27535, CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-60753, CVE-2024-57970, CVE-2025-25724), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-32611, CVE-2023-32665, CVE-2025-14512, CVE-2023-29499, CVE-2025-14087, CVE-2025-4373), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/rpm-sign-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm-build-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/python3-rpm@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/tpm2-tss@3.0.3-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=tpm2-tss-3.0.3-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-22745), pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-34969), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libgomp@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/file-libs@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2022-48554), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-4641), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2025-9231, CVE-2026-22796, CVE-2026-28388, CVE-2026-28389, CVE-2026-31790, CVE-2026-31789, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2026-28386, CVE-2025-69418), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pam-1.5.1-14.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2024-22365, CVE-2024-10041), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2023-32611, CVE-2023-32665, CVE-2025-14512, CVE-2023-29499, CVE-2025-14087, CVE-2025-4373), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/libeconf@0.4.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libeconf-0.4.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2023-22652), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libfdisk@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/util-linux-core@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2023-4641), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2025-9231, CVE-2026-22796, CVE-2026-28388, CVE-2026-28389, CVE-2026-31790, CVE-2026-31789, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2026-28386, CVE-2025-69418), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pam-1.5.1-14.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2024-22365, CVE-2024-10041), pkg:rpm/redhat/systemd@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2026-40224, CVE-2026-4105, CVE-2026-40225, CVE-2026-40226, CVE-2023-7008, CVE-2026-40227, CVE-2025-4598, CVE-2026-40223), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libeconf@0.4.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libeconf-0.4.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-22652), pkg:rpm/redhat/dbus-common@1.12.20-7.el9_1?arch=noarch\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-34969), pkg:rpm/redhat/dbus@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-34969), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libfdisk@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/util-linux-core@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/systemd-pam@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/systemd-rpm-macros@252-13.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-4641), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2023-32611, CVE-2023-32665, CVE-2025-14512, CVE-2023-29499, CVE-2025-14087, CVE-2025-4373), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-39615, CVE-2026-6732, CVE-2025-9714, CVE-2026-1757, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2026-0990, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-27535, CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-60753, CVE-2024-57970, CVE-2025-25724), pkg:rpm/redhat/go-srpm-macros@3.2.0-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=go-rpm-macros-3.2.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-47906), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/rpm-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=perl-Storable-3.21-460.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2017-20230), pkg:rpm/redhat/qt5-srpm-macros@5.15.3-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=qt5-5.15.3-1.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-32573, CVE-2023-33285, CVE-2023-34410), pkg:rpm/redhat/rpm@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/file@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2022-48554), pkg:rpm/redhat/file-libs@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2022-48554), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-AutoLoader@5.74-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-B@1.80-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-base@2.27-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=perl-Storable-3.21-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2017-20230), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/apr@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2022-24963), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2023-4641), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/apr@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2022-24963), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4641), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2025-9231, CVE-2026-22796, CVE-2026-28388, CVE-2026-28389, CVE-2026-31790, CVE-2026-31789, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2026-28386, CVE-2025-69418), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pam-1.5.1-14.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-22365, CVE-2024-10041), pkg:rpm/redhat/systemd@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-40224, CVE-2026-4105, CVE-2026-40225, CVE-2026-40226, CVE-2023-7008, CVE-2026-40227, CVE-2025-4598, CVE-2026-40223), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/expat-devel@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/libeconf@0.4.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libeconf-0.4.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-22652), pkg:rpm/redhat/apr-devel@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2022-24963), pkg:rpm/redhat/apr@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2022-24963), pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=perl-Storable-3.21-460.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2017-20230), pkg:rpm/redhat/dbus-common@1.12.20-7.el9_1?arch=noarch\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-34969), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/dbus@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-34969), pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/util-linux-core@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libfdisk@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/systemd-pam@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/systemd-rpm-macros@252-13.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4641), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/apr@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2022-24963), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-39615, CVE-2026-6732, CVE-2025-9714, CVE-2026-1757, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2026-0990, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/freetype@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2026-23865), pkg:rpm/redhat/libX11-common@1.7.0-7.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-43785, CVE-2023-43786), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libX11@1.7.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-43785, CVE-2023-43786), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-32611, CVE-2023-32665, CVE-2025-14512, CVE-2023-29499, CVE-2025-14087, CVE-2025-4373), pkg:rpm/redhat/glib2-devel@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-32611, CVE-2023-32665, CVE-2023-29499, CVE-2025-4373), pkg:rpm/redhat/libpng@1.6.37-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=libpng-1.6.37-12.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2026-22801, CVE-2025-28162, CVE-2025-64506, CVE-2026-22695, CVE-2026-3713, CVE-2025-28164, CVE-2025-64505), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/harfbuzz@2.7.4-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=harfbuzz-2.7.4-8.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2026-22693), pkg:rpm/redhat/libpng-devel@1.6.37-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=libpng-1.6.37-12.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2026-22801, CVE-2026-22695), pkg:rpm/redhat/libmount-devel@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libblkid-devel@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/bzip2-devel@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/openssl-devel@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2025-9231, CVE-2026-22796, CVE-2026-28388, CVE-2026-28389, CVE-2026-31790, CVE-2026-31789, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2026-28386, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pam-1.5.1-14.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2024-22365, CVE-2024-10041), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/libeconf@0.4.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libeconf-0.4.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2023-22652), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libfdisk@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/util-linux-core@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2023-4641), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/apr@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2022-24963), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4641), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2022-4285, CVE-2025-11082, CVE-2025-11083, CVE-2025-5244), pkg:rpm/redhat/binutils@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2022-4285, CVE-2025-11081, CVE-2025-11082, CVE-2025-11083, CVE-2025-11413, CVE-2025-5244), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-39615, CVE-2026-6732, CVE-2025-9714, CVE-2026-1757, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2026-0990, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-27535, CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2025-60753, CVE-2024-57970, CVE-2025-25724), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/rpm@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-devel@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/kernel-headers@5.14.0-284.11.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=kernel-5.14.0-284.11.1.el9_2.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-50616, CVE-2024-56614, CVE-2024-56615, CVE-2025-21883, CVE-2025-21928, CVE-2025-21929, CVE-2025-21991, CVE-2025-22085, CVE-2021-47383, CVE-2025-21759, CVE-2023-28746, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2024-21823, CVE-2025-21999, CVE-2025-38350, CVE-2024-46695, CVE-2024-50275, CVE-2024-42292, CVE-2024-50302, CVE-2022-49395, CVE-2023-5090, CVE-2024-26664, CVE-2024-50264, CVE-2025-38110, CVE-2024-53122, CVE-2024-53197, CVE-2024-36941, CVE-2024-38627, CVE-2022-50042, CVE-2023-1074, CVE-2023-45862, CVE-2023-52490, CVE-2023-52658, CVE-2023-53597, CVE-2023-53704, CVE-2023-54004, CVE-2023-54093, CVE-2023-54271, CVE-2023-7192, CVE-2024-0443, CVE-2024-26615, CVE-2024-26878, CVE-2024-27046, CVE-2024-27052, CVE-2024-35789, CVE-2024-35852, CVE-2024-35890, CVE-2024-35907, CVE-2024-35952, CVE-2024-35989, CVE-2024-39483, CVE-2024-40959, CVE-2024-41035, CVE-2024-41064, CVE-2024-42079, CVE-2024-42272, CVE-2024-42283, CVE-2024-42322, CVE-2024-43854, CVE-2024-44990, CVE-2024-44994, CVE-2024-45018, CVE-2024-46713, CVE-2024-46824, CVE-2024-49949, CVE-2024-50208, CVE-2024-50251, CVE-2024-50252, CVE-2024-53113, CVE-2025-21669, CVE-2025-21962, CVE-2025-21963, CVE-2025-21964, CVE-2025-37785, CVE-2025-38234, CVE-2023-52448, CVE-2023-53755, CVE-2024-47745, CVE-2024-53088, CVE-2025-21961, CVE-2025-22036, CVE-2025-38417, CVE-2023-52771, CVE-2023-52864, CVE-2024-26855, CVE-2024-35845, CVE-2024-36922, CVE-2024-38555, CVE-2024-38556, CVE-2024-43855, CVE-2024-46826, CVE-2024-26897, CVE-2024-38586), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/cpp@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/gcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libgomp@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-4285, CVE-2025-11082, CVE-2025-11083, CVE-2025-5244), pkg:rpm/redhat/binutils@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-4285, CVE-2025-11081, CVE-2025-11082, CVE-2025-11083, CVE-2025-11413, CVE-2025-5244), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-39615, CVE-2026-6732, CVE-2025-9714, CVE-2026-1757, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2026-0990, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnupg2-2.3.3-2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2025-68972), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-32611, CVE-2023-32665, CVE-2025-14512, CVE-2023-29499, CVE-2025-14087, CVE-2025-4373), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2023-39615, CVE-2026-6732, CVE-2025-9714, CVE-2026-1757, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2026-0990, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2025-60753, CVE-2024-57970, CVE-2025-25724), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/apr@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2022-24963), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2023-4641), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/nodejs@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2025-22150, CVE-2024-21891, CVE-2022-35256, CVE-2023-23936, CVE-2024-22020, CVE-2024-22025, CVE-2024-28863, CVE-2025-23167, CVE-2026-1527, CVE-2026-21712, CVE-2026-25547, CVE-2026-26996, CVE-2026-27904, CVE-2024-27982, CVE-2023-31147, CVE-2023-46809, CVE-2025-59466, CVE-2026-21637, CVE-2026-21713, CVE-2026-21717, CVE-2026-2581, CVE-2023-31130, CVE-2023-30588, CVE-2023-39333, CVE-2024-28182, CVE-2025-23085, CVE-2026-21714, CVE-2026-21711, CVE-2024-21890, CVE-2024-25629, CVE-2023-23920), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2025-9231, CVE-2026-22796, CVE-2026-28388, CVE-2026-28389, CVE-2026-31790, CVE-2026-31789, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2026-28386, CVE-2025-69418), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/nodejs-libs@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2025-22150, CVE-2023-23936, CVE-2024-22025, CVE-2026-1527, CVE-2026-21712, CVE-2026-25547, CVE-2026-26996, CVE-2026-27904, CVE-2024-27982, CVE-2023-31147, CVE-2025-59466, CVE-2026-21637, CVE-2026-21713, CVE-2026-21717, CVE-2026-2581, CVE-2023-31130, CVE-2023-30588, CVE-2024-28182, CVE-2025-23085, CVE-2026-21714, CVE-2026-21711, CVE-2024-25629, CVE-2023-23920), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/nodejs@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2025-22150, CVE-2024-21891, CVE-2022-35256, CVE-2023-23936, CVE-2024-22020, CVE-2024-22025, CVE-2024-28863, CVE-2025-23167, CVE-2026-1527, CVE-2026-21712, CVE-2026-25547, CVE-2026-26996, CVE-2026-27904, CVE-2024-27982, CVE-2023-31147, CVE-2023-46809, CVE-2025-59466, CVE-2026-21637, CVE-2026-21713, CVE-2026-21717, CVE-2026-2581, CVE-2023-31130, CVE-2023-30588, CVE-2023-39333, CVE-2024-28182, CVE-2025-23085, CVE-2026-21714, CVE-2026-21711, CVE-2024-21890, CVE-2024-25629, CVE-2023-23920), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2025-9231, CVE-2026-22796, CVE-2026-28388, CVE-2026-28389, CVE-2026-31790, CVE-2026-31789, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2026-28386, CVE-2025-69418), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/nodejs-libs@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2025-22150, CVE-2023-23936, CVE-2024-22025, CVE-2026-1527, CVE-2026-21712, CVE-2026-25547, CVE-2026-26996, CVE-2026-27904, CVE-2024-27982, CVE-2023-31147, CVE-2025-59466, CVE-2026-21637, CVE-2026-21713, CVE-2026-21717, CVE-2026-2581, CVE-2023-31130, CVE-2023-30588, CVE-2024-28182, CVE-2025-23085, CVE-2026-21714, CVE-2026-21711, CVE-2024-25629, CVE-2023-23920), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/vim-filesystem@8.2.2637-20.el9_1?arch=noarch\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=vim-8.2.2637-20.el9_1.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2021-3903, CVE-2026-28421, CVE-2026-28417, CVE-2025-53905, CVE-2025-53906), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-32611, CVE-2023-32665, CVE-2025-14512, CVE-2023-29499, CVE-2025-14087, CVE-2025-4373), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-39615, CVE-2026-6732, CVE-2025-9714, CVE-2026-1757, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2026-0990, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-28863, CVE-2026-4324), pkg:rpm/redhat/python3-libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-28863, CVE-2026-4324), pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnupg2-2.3.3-2.el9_0.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-68972), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-27535, CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-60753, CVE-2024-57970, CVE-2025-25724), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-32611, CVE-2023-32665, CVE-2025-14512, CVE-2023-29499, CVE-2025-14087, CVE-2025-4373), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/rpm-sign-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm-build-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/python3-rpm@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/tpm2-tss@3.0.3-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=tpm2-tss-3.0.3-8.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-22745), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libgomp@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/file-libs@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2022-48554), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-4641), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/apr@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2022-24963), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4641), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2025-9231, CVE-2026-22796, CVE-2026-28388, CVE-2026-28389, CVE-2026-31790, CVE-2026-31789, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2026-28386, CVE-2025-69418), pkg:rpm/redhat/openssh@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2025-26465, CVE-2023-51385, CVE-2023-48795, CVE-2025-61984, CVE-2025-61985, CVE-2026-35414, CVE-2025-32728), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pam-1.5.1-14.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2024-22365, CVE-2024-10041), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/libeconf@0.4.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libeconf-0.4.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2023-22652), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libfdisk@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/util-linux-core@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2023-4641), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-39615, CVE-2026-6732, CVE-2025-9714, CVE-2026-1757, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2026-0990, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnupg2-2.3.3-2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-68972), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-27535, CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-60753, CVE-2024-57970, CVE-2025-25724), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-32611, CVE-2023-32665, CVE-2025-14512, CVE-2023-29499, CVE-2025-14087, CVE-2025-4373), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/rpm-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/file-libs@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2022-48554), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2025-9231, CVE-2026-22796, CVE-2026-28388, CVE-2026-28389, CVE-2026-31790, CVE-2026-31789, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2026-28386, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pam-1.5.1-14.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-22365, CVE-2024-10041), pkg:rpm/redhat/systemd@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-40224, CVE-2026-4105, CVE-2026-40225, CVE-2026-40226, CVE-2023-7008, CVE-2026-40227, CVE-2025-4598, CVE-2026-40223), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libeconf@0.4.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libeconf-0.4.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-22652), pkg:rpm/redhat/apr@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2022-24963), pkg:rpm/redhat/dbus-common@1.12.20-7.el9_1?arch=noarch\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-34969), pkg:rpm/redhat/dbus@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-34969), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libfdisk@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/util-linux-core@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/systemd-pam@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/systemd-rpm-macros@252-13.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4641), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-39615, CVE-2026-6732, CVE-2025-9714, CVE-2026-1757, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2026-0990, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/vim-filesystem@8.2.2637-20.el9_1?arch=noarch\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=vim-8.2.2637-20.el9_1.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2021-3903, CVE-2026-28421, CVE-2026-28417, CVE-2025-53905, CVE-2025-53906), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-27535, CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2025-60753, CVE-2024-57970, CVE-2025-25724), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/rpm@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-39615, CVE-2026-6732, CVE-2025-9714, CVE-2026-1757, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2026-0990, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-28863, CVE-2026-4324), pkg:rpm/redhat/python3-libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-28863, CVE-2026-4324), pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnupg2-2.3.3-2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-68972), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-27535, CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-60753, CVE-2024-57970, CVE-2025-25724), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-32611, CVE-2023-32665, CVE-2025-14512, CVE-2023-29499, CVE-2025-14087, CVE-2025-4373), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/rpm-sign-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm-build-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/python3-rpm@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/tpm2-tss@3.0.3-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=tpm2-tss-3.0.3-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-22745), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libgomp@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/file-libs@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2022-48554), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-4641), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-39615, CVE-2026-6732, CVE-2025-9714, CVE-2026-1757, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2026-0990, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnupg2-2.3.3-2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-68972), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-27535, CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-60753, CVE-2024-57970, CVE-2025-25724), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/rpm-sign-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm-build-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/python3-rpm@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/tpm2-tss@3.0.3-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=tpm2-tss-3.0.3-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-22745), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/python3-requests@2.25.1-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-requests-2.25.1-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-32681, CVE-2024-35195, CVE-2024-47081), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libgomp@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/file-libs@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2022-48554), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-4641), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-devel@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/kernel-headers@5.14.0-284.11.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=kernel-5.14.0-284.11.1.el9_2.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-50616, CVE-2024-56614, CVE-2024-56615, CVE-2025-21883, CVE-2025-21928, CVE-2025-21929, CVE-2025-21991, CVE-2025-22085, CVE-2021-47383, CVE-2025-21759, CVE-2023-28746, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2024-21823, CVE-2025-21999, CVE-2025-38350, CVE-2024-46695, CVE-2024-50275, CVE-2024-42292, CVE-2024-50302, CVE-2022-49395, CVE-2023-5090, CVE-2024-26664, CVE-2024-50264, CVE-2025-38110, CVE-2024-53122, CVE-2024-53197, CVE-2024-36941, CVE-2024-38627, CVE-2022-50042, CVE-2023-1074, CVE-2023-45862, CVE-2023-52490, CVE-2023-52658, CVE-2023-53597, CVE-2023-53704, CVE-2023-54004, CVE-2023-54093, CVE-2023-54271, CVE-2023-7192, CVE-2024-0443, CVE-2024-26615, CVE-2024-26878, CVE-2024-27046, CVE-2024-27052, CVE-2024-35789, CVE-2024-35852, CVE-2024-35890, CVE-2024-35907, CVE-2024-35952, CVE-2024-35989, CVE-2024-39483, CVE-2024-40959, CVE-2024-41035, CVE-2024-41064, CVE-2024-42079, CVE-2024-42272, CVE-2024-42283, CVE-2024-42322, CVE-2024-43854, CVE-2024-44990, CVE-2024-44994, CVE-2024-45018, CVE-2024-46713, CVE-2024-46824, CVE-2024-49949, CVE-2024-50208, CVE-2024-50251, CVE-2024-50252, CVE-2024-53113, CVE-2025-21669, CVE-2025-21962, CVE-2025-21963, CVE-2025-21964, CVE-2025-37785, CVE-2025-38234, CVE-2023-52448, CVE-2023-53755, CVE-2024-47745, CVE-2024-53088, CVE-2025-21961, CVE-2025-22036, CVE-2025-38417, CVE-2023-52771, CVE-2023-52864, CVE-2024-26855, CVE-2024-35845, CVE-2024-36922, CVE-2024-38555, CVE-2024-38556, CVE-2024-43855, CVE-2024-46826, CVE-2024-26897, CVE-2024-38586), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libstdc%2B%2B-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/cpp@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/gcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libgomp@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-4285, CVE-2025-11082, CVE-2025-11083, CVE-2025-5244), pkg:rpm/redhat/binutils@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-4285, CVE-2025-11081, CVE-2025-11082, CVE-2025-11083, CVE-2025-11413, CVE-2025-5244), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-39615, CVE-2026-6732, CVE-2025-9714, CVE-2026-1757, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2026-0990, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-39615, CVE-2025-9714, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2025-32414), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/libtiff-devel@4.4.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtiff-4.4.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2022-40090, CVE-2023-3618, CVE-2023-40745, CVE-2023-41175, CVE-2023-0795, CVE-2023-0796, CVE-2023-0797, CVE-2023-0798, CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804, CVE-2022-48281, CVE-2023-0799, CVE-2023-26965, CVE-2023-26966, CVE-2023-2731, CVE-2023-3316, CVE-2023-3576), pkg:rpm/redhat/libtiff@4.4.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtiff-4.4.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2022-40090, CVE-2023-3618, CVE-2023-40745, CVE-2023-41175, CVE-2023-0795, CVE-2023-0796, CVE-2023-0797, CVE-2023-0798, CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804, CVE-2022-48281, CVE-2023-0799, CVE-2023-26965, CVE-2023-26966, CVE-2023-2731, CVE-2023-3316, CVE-2023-3576, CVE-2025-61143, CVE-2025-61144, CVE-2025-61145), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/freetype@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2026-23865), pkg:rpm/redhat/libX11-common@1.7.0-7.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-43785, CVE-2023-43786), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libX11-xcb@1.7.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-43785, CVE-2023-43786), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libX11-devel@1.7.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-43785, CVE-2023-43786), pkg:rpm/redhat/libX11@1.7.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-43785, CVE-2023-43786), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-32611, CVE-2023-32665, CVE-2025-14512, CVE-2023-29499, CVE-2025-14087, CVE-2025-4373), pkg:rpm/redhat/glib2-devel@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-32611, CVE-2023-32665, CVE-2023-29499, CVE-2025-4373), pkg:rpm/redhat/libpng@1.6.37-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=libpng-1.6.37-12.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2026-22801, CVE-2025-28162, CVE-2025-64506, CVE-2026-22695, CVE-2026-3713, CVE-2025-28164, CVE-2025-64505), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/harfbuzz@2.7.4-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=harfbuzz-2.7.4-8.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2026-22693), pkg:rpm/redhat/libpng-devel@1.6.37-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=libpng-1.6.37-12.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2026-22801, CVE-2026-22695), pkg:rpm/redhat/libmount-devel@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libblkid-devel@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgomp@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/libXpm@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-43788, CVE-2023-43789), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-43788, CVE-2023-43789), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/bzip2-devel@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-26465, CVE-2023-51385, CVE-2023-48795, CVE-2025-61984, CVE-2025-61985, CVE-2026-35414, CVE-2025-32728), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2025-9231, CVE-2026-22796, CVE-2026-28388, CVE-2026-28389, CVE-2026-31790, CVE-2026-31789, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2026-28386, CVE-2025-69418), pkg:rpm/redhat/openssh@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-26465, CVE-2023-51385, CVE-2023-48795, CVE-2025-61984, CVE-2025-61985, CVE-2026-35414, CVE-2025-32728), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-27614, CVE-2024-52006, CVE-2025-27613), pkg:rpm/redhat/git-core@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-27614, CVE-2024-52006, CVE-2025-27613), pkg:rpm/redhat/perl-Git@2.39.3-1.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-27614, CVE-2024-52006, CVE-2025-27613), pkg:rpm/redhat/git-core-doc@2.39.3-1.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-27614, CVE-2024-52006, CVE-2025-27613), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/emacs-filesystem@27.2-8.el9_2.1?arch=noarch\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=emacs-27.2-8.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-30203, CVE-2024-30204), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pam-1.5.1-14.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-22365, CVE-2024-10041), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-lib@0.65-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-Find@1.37-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-DynaLoader@1.47-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/libeconf@0.4.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libeconf-0.4.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-22652), pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=perl-Storable-3.21-460.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2017-20230), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/util-linux-core@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libfdisk@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-4641), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-devel@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/kernel-headers@5.14.0-284.11.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=kernel-5.14.0-284.11.1.el9_2.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-50616, CVE-2024-56614, CVE-2024-56615, CVE-2025-21883, CVE-2025-21928, CVE-2025-21929, CVE-2025-21991, CVE-2025-22085, CVE-2021-47383, CVE-2025-21759, CVE-2023-28746, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2024-21823, CVE-2025-21999, CVE-2025-38350, CVE-2024-46695, CVE-2024-50275, CVE-2024-42292, CVE-2024-50302, CVE-2022-49395, CVE-2023-5090, CVE-2024-26664, CVE-2024-50264, CVE-2025-38110, CVE-2024-53122, CVE-2024-53197, CVE-2024-36941, CVE-2024-38627, CVE-2022-50042, CVE-2023-1074, CVE-2023-45862, CVE-2023-52490, CVE-2023-52658, CVE-2023-53597, CVE-2023-53704, CVE-2023-54004, CVE-2023-54093, CVE-2023-54271, CVE-2023-7192, CVE-2024-0443, CVE-2024-26615, CVE-2024-26878, CVE-2024-27046, CVE-2024-27052, CVE-2024-35789, CVE-2024-35852, CVE-2024-35890, CVE-2024-35907, CVE-2024-35952, CVE-2024-35989, CVE-2024-39483, CVE-2024-40959, CVE-2024-41035, CVE-2024-41064, CVE-2024-42079, CVE-2024-42272, CVE-2024-42283, CVE-2024-42322, CVE-2024-43854, CVE-2024-44990, CVE-2024-44994, CVE-2024-45018, CVE-2024-46713, CVE-2024-46824, CVE-2024-49949, CVE-2024-50208, CVE-2024-50251, CVE-2024-50252, CVE-2024-53113, CVE-2025-21669, CVE-2025-21962, CVE-2025-21963, CVE-2025-21964, CVE-2025-37785, CVE-2025-38234, CVE-2023-52448, CVE-2023-53755, CVE-2024-47745, CVE-2024-53088, CVE-2025-21961, CVE-2025-22036, CVE-2025-38417, CVE-2023-52771, CVE-2023-52864, CVE-2024-26855, CVE-2024-35845, CVE-2024-36922, CVE-2024-38555, CVE-2024-38556, CVE-2024-43855, CVE-2024-46826, CVE-2024-26897, CVE-2024-38586), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/cpp@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/gcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libquadmath@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libgfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libgomp@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-4285, CVE-2025-11082, CVE-2025-11083, CVE-2025-5244), pkg:rpm/redhat/binutils@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-4285, CVE-2025-11081, CVE-2025-11082, CVE-2025-11083, CVE-2025-11413, CVE-2025-5244), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-32611, CVE-2023-32665, CVE-2025-14512, CVE-2023-29499, CVE-2025-14087, CVE-2025-4373), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2021-3826), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2025-9231, CVE-2026-22796, CVE-2026-28388, CVE-2026-28389, CVE-2026-31790, CVE-2026-31789, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2026-28386, CVE-2025-69418), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pam-1.5.1-14.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2024-22365, CVE-2024-10041), pkg:rpm/redhat/systemd@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2026-40224, CVE-2026-4105, CVE-2026-40225, CVE-2026-40226, CVE-2023-7008, CVE-2026-40227, CVE-2025-4598, CVE-2026-40223), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libeconf@0.4.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libeconf-0.4.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-22652), pkg:rpm/redhat/dbus-common@1.12.20-7.el9_1?arch=noarch\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-34969), pkg:rpm/redhat/dbus@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-34969), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libfdisk@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/util-linux-core@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/systemd-pam@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/systemd-rpm-macros@252-13.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-4641), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-39615, CVE-2026-6732, CVE-2025-9714, CVE-2026-1757, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2026-0990, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-28863, CVE-2026-4324), pkg:rpm/redhat/python3-libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-28863, CVE-2026-4324), pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnupg2-2.3.3-2.el9_0.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-68972), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-27535, CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-60753, CVE-2024-57970, CVE-2025-25724), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-32611, CVE-2023-32665, CVE-2025-14512, CVE-2023-29499, CVE-2025-14087, CVE-2025-4373), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/rpm-sign-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm-build-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/python3-rpm@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/tpm2-tss@3.0.3-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=tpm2-tss-3.0.3-8.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-22745), pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-34969), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libgomp@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/file-libs@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2022-48554), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-4641), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/python3-idna@2.10-7.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-idna-2.10-7.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2024-3651), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/apr@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2022-24963), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4641), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-39615, CVE-2026-6732, CVE-2025-9714, CVE-2026-1757, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2026-0990, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-28863, CVE-2026-4324), pkg:rpm/redhat/python3-libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-28863, CVE-2026-4324), pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnupg2-2.3.3-2.el9_0.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-68972), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-27535, CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-60753, CVE-2024-57970, CVE-2025-25724), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-32611, CVE-2023-32665, CVE-2025-14512, CVE-2023-29499, CVE-2025-14087, CVE-2025-4373), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/rpm-sign-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm-build-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/python3-rpm@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/tpm2-tss@3.0.3-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=tpm2-tss-3.0.3-8.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-22745), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libgomp@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/file-libs@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2022-48554), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-4641), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2025-9231, CVE-2026-22796, CVE-2026-28388, CVE-2026-28389, CVE-2026-31790, CVE-2026-31789, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2026-28386, CVE-2025-69418), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-39615, CVE-2026-6732, CVE-2025-9714, CVE-2026-1757, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2026-0990, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-28863, CVE-2026-4324), pkg:rpm/redhat/python3-libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-28863, CVE-2026-4324), pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnupg2-2.3.3-2.el9_0.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-68972), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-27535, CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pam-1.5.1-14.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-22365, CVE-2024-10041), pkg:rpm/redhat/systemd@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-40224, CVE-2026-4105, CVE-2026-40225, CVE-2026-40226, CVE-2023-7008, CVE-2026-40227, CVE-2025-4598, CVE-2026-40223), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-60753, CVE-2024-57970, CVE-2025-25724), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-32611, CVE-2023-32665, CVE-2025-14512, CVE-2023-29499, CVE-2025-14087, CVE-2025-4373), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/libeconf@0.4.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libeconf-0.4.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-22652), pkg:rpm/redhat/rpm-sign-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm-build-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/python3-rpm@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-2727, CVE-2023-2728), pkg:rpm/redhat/tpm2-tss@3.0.3-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=tpm2-tss-3.0.3-8.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-22745), pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-34969), pkg:rpm/redhat/dbus-common@1.12.20-7.el9_1?arch=noarch\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-34969), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/dbus@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-34969), pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/python3-requests@2.25.1-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-requests-2.25.1-6.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-32681, CVE-2024-35195, CVE-2024-47081), pkg:rpm/redhat/util-linux-core@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libfdisk@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libgomp@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/systemd-pam@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/systemd-rpm-macros@252-13.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/file-libs@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2022-48554), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-4641), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-39615, CVE-2026-6732, CVE-2025-9714, CVE-2026-1757, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2026-0990, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/libtiff@4.4.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtiff-4.4.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2022-40090, CVE-2023-3618, CVE-2023-40745, CVE-2023-41175, CVE-2023-0795, CVE-2023-0796, CVE-2023-0797, CVE-2023-0798, CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804, CVE-2022-48281, CVE-2023-0799, CVE-2023-26965, CVE-2023-26966, CVE-2023-2731, CVE-2023-3316, CVE-2023-3576, CVE-2025-61143, CVE-2025-61144, CVE-2025-61145), pkg:rpm/redhat/freetype@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2026-23865), pkg:rpm/redhat/libX11-common@1.7.0-7.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-43785, CVE-2023-43786), pkg:rpm/redhat/libX11@1.7.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-43785, CVE-2023-43786), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-32611, CVE-2023-32665, CVE-2025-14512, CVE-2023-29499, CVE-2025-14087, CVE-2025-4373), pkg:rpm/redhat/libpng@1.6.37-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=libpng-1.6.37-12.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2026-22801, CVE-2025-28162, CVE-2025-64506, CVE-2026-22695, CVE-2026-3713, CVE-2025-28164, CVE-2025-64505), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/harfbuzz@2.7.4-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=harfbuzz-2.7.4-8.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2026-22693), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/libXpm@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-43788, CVE-2023-43789), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2023-39615, CVE-2026-6732, CVE-2025-9714, CVE-2026-1757, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2026-0990, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2023-39615, CVE-2025-9714, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2025-32414), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libxslt@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2023-40403, CVE-2025-10911), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=perl-Storable-3.21-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2017-20230), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/xml-common@0.6.3-58.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=sgml-common-0.6.3-58.el9.src.rpm] (CVE-2023-39615, CVE-2026-6732, CVE-2025-9714, CVE-2026-1757, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2026-0990, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xml-common@0.6.3-58.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=sgml-common-0.6.3-58.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xml-common@0.6.3-58.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=sgml-common-0.6.3-58.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xml-common@0.6.3-58.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=sgml-common-0.6.3-58.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xml-common@0.6.3-58.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=sgml-common-0.6.3-58.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/xml-common@0.6.3-58.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=sgml-common-0.6.3-58.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/xml-common@0.6.3-58.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=sgml-common-0.6.3-58.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/xml-common@0.6.3-58.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=sgml-common-0.6.3-58.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm] (CVE-2023-39615, CVE-2026-6732, CVE-2025-9714, CVE-2026-1757, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2026-0990, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/json-c@0.14-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=json-c-0.14-11.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/json-c@0.14-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=json-c-0.14-11.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/json-c@0.14-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=json-c-0.14-11.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/json-c@0.14-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=json-c-0.14-11.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/json-c@0.14-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=json-c-0.14-11.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/json-c@0.14-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=json-c-0.14-11.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/json-c@0.14-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=json-c-0.14-11.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/atlas-devel@3.10.3-17.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=atlas-3.10.3-17.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/atlas-devel@3.10.3-17.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=atlas-3.10.3-17.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/atlas-devel@3.10.3-17.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=atlas-3.10.3-17.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/atlas-devel@3.10.3-17.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=atlas-3.10.3-17.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/atlas-devel@3.10.3-17.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=atlas-3.10.3-17.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/atlas-devel@3.10.3-17.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=atlas-3.10.3-17.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libquadmath@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/atlas-devel@3.10.3-17.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=atlas-3.10.3-17.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/atlas-devel@3.10.3-17.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=atlas-3.10.3-17.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libgfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/atlas-devel@3.10.3-17.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=atlas-3.10.3-17.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-locale-source@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-locale-source@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-locale-source@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-locale-source@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-locale-source@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-locale-source@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-locale-source@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-base@2.27-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=perl-Storable-3.21-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2017-20230), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-US@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-US@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-US@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-US@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-US@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-US@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-US@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-US@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/pcre-cpp@8.44-3.el9.3?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pcre-8.44-3.el9.3.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/pcre-cpp@8.44-3.el9.3?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pcre-8.44-3.el9.3.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/pcre-cpp@8.44-3.el9.3?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pcre-8.44-3.el9.3.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/pcre-cpp@8.44-3.el9.3?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pcre-8.44-3.el9.3.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/pcre-cpp@8.44-3.el9.3?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pcre-8.44-3.el9.3.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/pcre-cpp@8.44-3.el9.3?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pcre-8.44-3.el9.3.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/pcre-cpp@8.44-3.el9.3?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pcre-8.44-3.el9.3.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/pcre-cpp@8.44-3.el9.3?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pcre-8.44-3.el9.3.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=perl-Storable-3.21-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2017-20230), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/apr-devel@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/apr-devel@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/apr-devel@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/apr-devel@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/apr-devel@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/apr-devel@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/apr@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm [transitive via pkg:rpm/redhat/apr-devel@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm] (CVE-2022-24963), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/apr-devel@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/apr-devel@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libstdc%2B%2B-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libstdc%2B%2B-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libstdc%2B%2B-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libstdc%2B%2B-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libstdc%2B%2B-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libstdc%2B%2B-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libstdc%2B%2B-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libstdc%2B%2B-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xz@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xz@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xz@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xz@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/xz@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/xz@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/xz@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper-libs@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper-libs@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper-libs@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper-libs@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper-libs@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper-libs@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper-libs@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=perl-Storable-3.21-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2017-20230), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/emacs-filesystem@27.2-8.el9_2.1?arch=noarch\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=emacs-27.2-8.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-30203, CVE-2024-30204), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-Compare@1.100.600-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-B@1.80-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-Find@1.37-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-DynaLoader@1.47-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=perl-Storable-3.21-460.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2017-20230), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libdb-devel@5.3.28-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdb-5.3.28-53.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libdb-devel@5.3.28-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdb-5.3.28-53.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libdb-devel@5.3.28-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdb-5.3.28-53.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libdb-devel@5.3.28-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdb-5.3.28-53.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libdb-devel@5.3.28-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdb-5.3.28-53.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libdb-devel@5.3.28-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdb-5.3.28-53.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libdb-devel@5.3.28-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdb-5.3.28-53.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/file@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/file@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/file@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/file@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/file@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/file@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/file@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/file-libs@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm [transitive via pkg:rpm/redhat/file@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm] (CVE-2022-48554), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libverto-devel@0.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libverto-0.3.2-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libverto-devel@0.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libverto-0.3.2-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libverto-devel@0.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libverto-0.3.2-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libverto-devel@0.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libverto-0.3.2-3.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libverto-devel@0.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libverto-0.3.2-3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libverto-devel@0.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libverto-0.3.2-3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libverto-devel@0.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libverto-0.3.2-3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/patch@2.7.6-16.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=patch-2.7.6-16.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/patch@2.7.6-16.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=patch-2.7.6-16.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/patch@2.7.6-16.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=patch-2.7.6-16.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/patch@2.7.6-16.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=patch-2.7.6-16.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/patch@2.7.6-16.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=patch-2.7.6-16.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/patch@2.7.6-16.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=patch-2.7.6-16.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/patch@2.7.6-16.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=patch-2.7.6-16.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/wget@1.21.1-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=wget-1.21.1-7.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/wget@1.21.1-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=wget-1.21.1-7.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/wget@1.21.1-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=wget-1.21.1-7.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/wget@1.21.1-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=wget-1.21.1-7.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/wget@1.21.1-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=wget-1.21.1-7.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/wget@1.21.1-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=wget-1.21.1-7.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/wget@1.21.1-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=wget-1.21.1-7.el9.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/wget@1.21.1-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=wget-1.21.1-7.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/wget@1.21.1-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=wget-1.21.1-7.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/wget@1.21.1-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=wget-1.21.1-7.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/wget@1.21.1-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=wget-1.21.1-7.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=perl-Storable-3.21-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2017-20230), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/bzip2@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/bzip2@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/bzip2@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/bzip2@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/bzip2@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/bzip2@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/bzip2@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/bzip2@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libgpg-error-devel@1.42-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgpg-error-1.42-5.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libgpg-error-devel@1.42-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgpg-error-1.42-5.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libgpg-error-devel@1.42-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgpg-error-1.42-5.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libgpg-error-devel@1.42-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgpg-error-1.42-5.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libgpg-error-devel@1.42-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgpg-error-1.42-5.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libgpg-error-devel@1.42-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgpg-error-1.42-5.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libgpg-error-devel@1.42-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgpg-error-1.42-5.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpsl@0.21.1-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpsl-0.21.1-5.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpsl@0.21.1-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpsl-0.21.1-5.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpsl@0.21.1-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpsl-0.21.1-5.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpsl@0.21.1-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpsl-0.21.1-5.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libpsl@0.21.1-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpsl-0.21.1-5.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libpsl@0.21.1-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpsl-0.21.1-5.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libpsl@0.21.1-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpsl-0.21.1-5.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libtool-ltdl@2.4.6-45.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtool-2.4.6-45.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libtool-ltdl@2.4.6-45.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtool-2.4.6-45.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libtool-ltdl@2.4.6-45.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtool-2.4.6-45.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libtool-ltdl@2.4.6-45.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtool-2.4.6-45.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libtool-ltdl@2.4.6-45.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtool-2.4.6-45.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libtool-ltdl@2.4.6-45.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtool-2.4.6-45.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libtool-ltdl@2.4.6-45.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtool-2.4.6-45.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=perl-Storable-3.21-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2017-20230), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=perl-Storable-3.21-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2017-20230), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-gdbserver@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-gdbserver@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-gdbserver@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-gdbserver@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-gdbserver@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-gdbserver@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-gdbserver@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-gdbserver@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libipt@2.0.4-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libipt-2.0.4-5.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libipt@2.0.4-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libipt-2.0.4-5.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libipt@2.0.4-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libipt-2.0.4-5.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libipt@2.0.4-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libipt-2.0.4-5.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libipt@2.0.4-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libipt-2.0.4-5.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libipt@2.0.4-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libipt-2.0.4-5.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libipt@2.0.4-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libipt-2.0.4-5.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libcom_err-devel@1.46.5-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=e2fsprogs-1.46.5-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libcom_err-devel@1.46.5-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=e2fsprogs-1.46.5-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libcom_err-devel@1.46.5-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=e2fsprogs-1.46.5-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libcom_err-devel@1.46.5-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=e2fsprogs-1.46.5-3.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libcom_err-devel@1.46.5-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=e2fsprogs-1.46.5-3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libcom_err-devel@1.46.5-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=e2fsprogs-1.46.5-3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libcom_err-devel@1.46.5-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=e2fsprogs-1.46.5-3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxcrypt-compat@4.4.18-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxcrypt-4.4.18-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxcrypt-compat@4.4.18-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxcrypt-4.4.18-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxcrypt-compat@4.4.18-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxcrypt-4.4.18-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxcrypt-compat@4.4.18-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxcrypt-4.4.18-3.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libxcrypt-compat@4.4.18-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxcrypt-4.4.18-3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libxcrypt-compat@4.4.18-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxcrypt-4.4.18-3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libxcrypt-compat@4.4.18-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxcrypt-4.4.18-3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpath_utils@0.2.1-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ding-libs-0.6.1-53.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpath_utils@0.2.1-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ding-libs-0.6.1-53.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpath_utils@0.2.1-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ding-libs-0.6.1-53.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpath_utils@0.2.1-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ding-libs-0.6.1-53.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libpath_utils@0.2.1-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ding-libs-0.6.1-53.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libpath_utils@0.2.1-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ding-libs-0.6.1-53.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libpath_utils@0.2.1-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ding-libs-0.6.1-53.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/boost-regex@1.75.0-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=boost-1.75.0-8.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/boost-regex@1.75.0-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=boost-1.75.0-8.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/boost-regex@1.75.0-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=boost-1.75.0-8.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/boost-regex@1.75.0-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=boost-1.75.0-8.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/boost-regex@1.75.0-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=boost-1.75.0-8.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/boost-regex@1.75.0-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=boost-1.75.0-8.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/boost-regex@1.75.0-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=boost-1.75.0-8.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/boost-regex@1.75.0-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=boost-1.75.0-8.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xorg-x11-proto-devel@2021.4-2.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=xorg-x11-proto-devel-2021.4-2.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xorg-x11-proto-devel@2021.4-2.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=xorg-x11-proto-devel-2021.4-2.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xorg-x11-proto-devel@2021.4-2.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=xorg-x11-proto-devel-2021.4-2.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xorg-x11-proto-devel@2021.4-2.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=xorg-x11-proto-devel-2021.4-2.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/xorg-x11-proto-devel@2021.4-2.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=xorg-x11-proto-devel-2021.4-2.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/xorg-x11-proto-devel@2021.4-2.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=xorg-x11-proto-devel-2021.4-2.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/xorg-x11-proto-devel@2021.4-2.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=xorg-x11-proto-devel-2021.4-2.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libtalloc@2.3.4-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtalloc-2.3.4-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libtalloc@2.3.4-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtalloc-2.3.4-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libtalloc@2.3.4-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtalloc-2.3.4-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libtalloc@2.3.4-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtalloc-2.3.4-1.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libtalloc@2.3.4-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtalloc-2.3.4-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libtalloc@2.3.4-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtalloc-2.3.4-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libtalloc@2.3.4-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtalloc-2.3.4-1.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/m4@1.4.19-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=m4-1.4.19-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/m4@1.4.19-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=m4-1.4.19-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/m4@1.4.19-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=m4-1.4.19-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/m4@1.4.19-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=m4-1.4.19-1.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/m4@1.4.19-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=m4-1.4.19-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/m4@1.4.19-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=m4-1.4.19-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/m4@1.4.19-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=m4-1.4.19-1.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/libX11-devel@1.7.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2023-43785, CVE-2023-43786), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libX11-xcb@1.7.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2023-43785, CVE-2023-43786), pkg:rpm/redhat/libX11-common@1.7.0-7.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2023-43785, CVE-2023-43786), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libX11@1.7.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2023-43785, CVE-2023-43786), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libXpm@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2023-43788, CVE-2023-43789), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/source-highlight@3.1.9-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=source-highlight-3.1.9-11.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/source-highlight@3.1.9-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=source-highlight-3.1.9-11.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/source-highlight@3.1.9-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=source-highlight-3.1.9-11.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/source-highlight@3.1.9-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=source-highlight-3.1.9-11.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/source-highlight@3.1.9-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=source-highlight-3.1.9-11.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/source-highlight@3.1.9-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=source-highlight-3.1.9-11.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/source-highlight@3.1.9-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=source-highlight-3.1.9-11.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/source-highlight@3.1.9-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=source-highlight-3.1.9-11.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-31.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=rootfiles-8.1-31.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-31.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=rootfiles-8.1-31.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-31.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=rootfiles-8.1-31.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-31.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=rootfiles-8.1-31.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-31.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=rootfiles-8.1-31.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-31.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=rootfiles-8.1-31.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-31.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=rootfiles-8.1-31.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hostname@3.23-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=hostname-3.23-6.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hostname@3.23-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=hostname-3.23-6.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hostname@3.23-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=hostname-3.23-6.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hostname@3.23-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=hostname-3.23-6.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/hostname@3.23-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=hostname-3.23-6.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/hostname@3.23-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=hostname-3.23-6.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/hostname@3.23-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=hostname-3.23-6.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2023-32611, CVE-2023-32665, CVE-2025-14512, CVE-2023-29499, CVE-2025-14087, CVE-2025-4373), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite-devel@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite-devel@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite-devel@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite-devel@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite-devel@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite-devel@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite-devel@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dmidecode@3.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dmidecode-3.3-7.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dmidecode@3.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dmidecode-3.3-7.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dmidecode@3.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dmidecode-3.3-7.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dmidecode@3.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dmidecode-3.3-7.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/dmidecode@3.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dmidecode-3.3-7.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/dmidecode@3.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dmidecode-3.3-7.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/dmidecode@3.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dmidecode-3.3-7.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/emacs-filesystem@27.2-8.el9_2.1?arch=noarch\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=emacs-27.2-8.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-30203, CVE-2024-30204), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-Compare@1.100.600-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-B@1.80-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-Find@1.37-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-DynaLoader@1.47-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=perl-Storable-3.21-460.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2017-20230), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/keyutils-libs-devel@1.6.3-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=keyutils-1.6.3-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/keyutils-libs-devel@1.6.3-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=keyutils-1.6.3-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/keyutils-libs-devel@1.6.3-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=keyutils-1.6.3-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/keyutils-libs-devel@1.6.3-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=keyutils-1.6.3-1.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/keyutils-libs-devel@1.6.3-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=keyutils-1.6.3-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/keyutils-libs-devel@1.6.3-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=keyutils-1.6.3-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/keyutils-libs-devel@1.6.3-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=keyutils-1.6.3-1.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2023-32611, CVE-2023-32665, CVE-2025-14512, CVE-2023-29499, CVE-2025-14087, CVE-2025-4373), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-GB@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-GB@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-GB@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-GB@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-GB@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-GB@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-GB@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-GB@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=perl-Storable-3.21-460.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2017-20230), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/llvm-libs@15.0.7-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=llvm-15.0.7-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/llvm-libs@15.0.7-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=llvm-15.0.7-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/llvm-libs@15.0.7-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=llvm-15.0.7-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/llvm-libs@15.0.7-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=llvm-15.0.7-1.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/llvm-libs@15.0.7-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=llvm-15.0.7-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/llvm-libs@15.0.7-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=llvm-15.0.7-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/llvm-libs@15.0.7-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=llvm-15.0.7-1.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/llvm-libs@15.0.7-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=llvm-15.0.7-1.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/tar@1.34-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=tar-1.34-6.el9_1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/tar@1.34-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=tar-1.34-6.el9_1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/tar@1.34-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=tar-1.34-6.el9_1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/tar@1.34-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=tar-1.34-6.el9_1.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/tar@1.34-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=tar-1.34-6.el9_1.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/tar@1.34-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=tar-1.34-6.el9_1.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/tar@1.34-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=tar-1.34-6.el9_1.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/annobin@11.05-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=annobin-11.05-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/annobin@11.05-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=annobin-11.05-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/annobin@11.05-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=annobin-11.05-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/annobin@11.05-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=annobin-11.05-1.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/annobin@11.05-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=annobin-11.05-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/annobin@11.05-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=annobin-11.05-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/annobin@11.05-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=annobin-11.05-1.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/annobin@11.05-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=annobin-11.05-1.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-gconv-extra@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-gconv-extra@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-gconv-extra@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-gconv-extra@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-gconv-extra@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-gconv-extra@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-gconv-extra@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/vim-minimal@8.2.2637-20.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=vim-8.2.2637-20.el9_1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/vim-minimal@8.2.2637-20.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=vim-8.2.2637-20.el9_1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/vim-minimal@8.2.2637-20.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=vim-8.2.2637-20.el9_1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/vim-minimal@8.2.2637-20.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=vim-8.2.2637-20.el9_1.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/vim-minimal@8.2.2637-20.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=vim-8.2.2637-20.el9_1.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/vim-minimal@8.2.2637-20.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=vim-8.2.2637-20.el9_1.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/vim-minimal@8.2.2637-20.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=vim-8.2.2637-20.el9_1.src.rpm] (CVE-2020-11023)", "name": "rhtpa_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 372 } }, { "msg": "Found 72 low vulnerabilities.", "metadata": { "details": { "description": "Source: osv-github. Affected dependencies: pkg:npm/brace-expansion@1.1.11 [direct] (CVE-2025-5889), pkg:npm/brace-expansion@2.0.1 [direct] (CVE-2025-5889), pkg:npm/%40tootallnate/once@2.0.0 [direct] (CVE-2026-3449); Source: redhat-csaf. Affected dependencies: pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm [direct] (CVE-2023-4016), pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm [direct] (CVE-2024-36387), pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [direct] (CVE-2023-45143, CVE-2024-36137, CVE-2026-21716, CVE-2023-31124, CVE-2025-23165, CVE-2026-21715, CVE-2024-22018), pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [direct] (CVE-2023-45143, CVE-2024-36137, CVE-2026-21716, CVE-2023-31124, CVE-2025-23165, CVE-2026-21715, CVE-2024-22018, CVE-2025-55132), pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [direct] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm [direct] (CVE-2026-35386, CVE-2026-35387, CVE-2026-35388), pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm [direct] (CVE-2024-32020, CVE-2024-32021, CVE-2024-50349, CVE-2025-46835), pkg:rpm/redhat/nodejs-docs@16.19.1-1.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [direct] (CVE-2023-45143, CVE-2024-36137, CVE-2026-21716, CVE-2023-31124, CVE-2025-23165, CVE-2026-21715, CVE-2024-22018), pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm [direct] (CVE-2022-41862), pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [direct] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/sqlite@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [direct] (CVE-2025-70873), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [direct] (CVE-2024-56433), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/kernel-headers@5.14.0-284.11.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=kernel-5.14.0-284.11.1.el9_2.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-50846, CVE-2023-53639, CVE-2023-54153, CVE-2023-54267), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/binutils@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2025-11412, CVE-2025-11414, CVE-2025-11494, CVE-2025-11495, CVE-2025-11839, CVE-2025-11840, CVE-2025-66861, CVE-2025-66862, CVE-2025-66863, CVE-2025-66864, CVE-2025-66865, CVE-2025-66866, CVE-2025-69647, CVE-2025-69648, CVE-2025-69649, CVE-2025-69650, CVE-2025-69652, CVE-2025-69645, CVE-2025-69646, CVE-2025-69651), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2026-0989, CVE-2026-0992, CVE-2025-6170), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-34397, CVE-2025-7039, CVE-2026-0988), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2026-0989, CVE-2026-0992, CVE-2025-6170), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2026-0989, CVE-2026-0992, CVE-2025-6170), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-34397, CVE-2025-7039, CVE-2026-0988), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-56433), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2024-2511, CVE-2026-28387, CVE-2025-9232, CVE-2026-2673), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2024-34397, CVE-2025-7039, CVE-2026-0988), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2024-56433), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2024-2511, CVE-2026-28387, CVE-2025-9232, CVE-2026-2673), pkg:rpm/redhat/systemd@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2026-40228), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2024-56433), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2024-34397, CVE-2025-7039, CVE-2026-0988), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2026-0989, CVE-2026-0992, CVE-2025-6170), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2024-56433), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56433), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2511, CVE-2026-28387, CVE-2025-9232, CVE-2026-2673), pkg:rpm/redhat/systemd@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-40228), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56433), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2026-0989, CVE-2026-0992, CVE-2025-6170), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2024-34397, CVE-2025-7039, CVE-2026-0988), pkg:rpm/redhat/glib2-devel@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2024-34397), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/openssl-devel@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2024-2511, CVE-2026-28387, CVE-2025-9232, CVE-2026-2673), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2024-56433), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56433), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/binutils@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2025-11412, CVE-2025-11414, CVE-2025-11494, CVE-2025-11495, CVE-2025-11839, CVE-2025-11840, CVE-2025-66861, CVE-2025-66862, CVE-2025-66863, CVE-2025-66864, CVE-2025-66865, CVE-2025-66866, CVE-2025-69647, CVE-2025-69648, CVE-2025-69649, CVE-2025-69650, CVE-2025-69652, CVE-2025-69645, CVE-2025-69646, CVE-2025-69651), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2026-0989, CVE-2026-0992, CVE-2025-6170), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/kernel-headers@5.14.0-284.11.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=kernel-5.14.0-284.11.1.el9_2.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-50846, CVE-2023-53639, CVE-2023-54153, CVE-2023-54267), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/binutils@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2025-11412, CVE-2025-11414, CVE-2025-11494, CVE-2025-11495, CVE-2025-11839, CVE-2025-11840, CVE-2025-66861, CVE-2025-66862, CVE-2025-66863, CVE-2025-66864, CVE-2025-66865, CVE-2025-66866, CVE-2025-69647, CVE-2025-69648, CVE-2025-69649, CVE-2025-69650, CVE-2025-69652, CVE-2025-69645, CVE-2025-69646, CVE-2025-69651), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2026-0989, CVE-2026-0992, CVE-2025-6170), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2024-34397, CVE-2025-7039, CVE-2026-0988), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2026-0989, CVE-2026-0992, CVE-2025-6170), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2024-56433), pkg:rpm/redhat/nodejs@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-45143, CVE-2024-36137, CVE-2026-21716, CVE-2023-31124, CVE-2025-23165, CVE-2026-21715, CVE-2024-22018, CVE-2025-55132), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2024-2511, CVE-2026-28387, CVE-2025-9232, CVE-2026-2673), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/nodejs-libs@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2026-21716, CVE-2023-31124, CVE-2025-23165, CVE-2026-21715, CVE-2025-55132), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/nodejs@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-45143, CVE-2024-36137, CVE-2026-21716, CVE-2023-31124, CVE-2025-23165, CVE-2026-21715, CVE-2024-22018, CVE-2025-55132), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2024-2511, CVE-2026-28387, CVE-2025-9232, CVE-2026-2673), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/nodejs-libs@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2026-21716, CVE-2023-31124, CVE-2025-23165, CVE-2026-21715, CVE-2025-55132), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2023-4016), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-34397, CVE-2025-7039, CVE-2026-0988), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2026-0989, CVE-2026-0992, CVE-2025-6170), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-34397, CVE-2025-7039, CVE-2026-0988), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-56433), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56433), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2024-2511, CVE-2026-28387, CVE-2025-9232, CVE-2026-2673), pkg:rpm/redhat/openssh@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2026-35386, CVE-2026-35387, CVE-2026-35388), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2024-56433), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2026-0989, CVE-2026-0992, CVE-2025-6170), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-34397, CVE-2025-7039, CVE-2026-0988), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2511, CVE-2026-28387, CVE-2025-9232, CVE-2026-2673), pkg:rpm/redhat/systemd@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-40228), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56433), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2026-0989, CVE-2026-0992, CVE-2025-6170), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-4016), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2026-0989, CVE-2026-0992, CVE-2025-6170), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-34397, CVE-2025-7039, CVE-2026-0988), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-56433), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-0989, CVE-2026-0992, CVE-2025-6170), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-56433), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/kernel-headers@5.14.0-284.11.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=kernel-5.14.0-284.11.1.el9_2.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-50846, CVE-2023-53639, CVE-2023-54153, CVE-2023-54267), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/binutils@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2025-11412, CVE-2025-11414, CVE-2025-11494, CVE-2025-11495, CVE-2025-11839, CVE-2025-11840, CVE-2025-66861, CVE-2025-66862, CVE-2025-66863, CVE-2025-66864, CVE-2025-66865, CVE-2025-66866, CVE-2025-69647, CVE-2025-69648, CVE-2025-69649, CVE-2025-69650, CVE-2025-69652, CVE-2025-69645, CVE-2025-69646, CVE-2025-69651), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2026-0989, CVE-2026-0992, CVE-2025-6170), pkg:rpm/redhat/libtiff-devel@4.4.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtiff-4.4.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-6228), pkg:rpm/redhat/libtiff@4.4.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtiff-4.4.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-6228), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-34397, CVE-2025-7039, CVE-2026-0988), pkg:rpm/redhat/glib2-devel@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-34397), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2026-35386, CVE-2026-35387, CVE-2026-35388), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-2511, CVE-2026-28387, CVE-2025-9232, CVE-2026-2673), pkg:rpm/redhat/openssh@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2026-35386, CVE-2026-35387, CVE-2026-35388), pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-32020, CVE-2024-32021, CVE-2024-50349, CVE-2025-46835), pkg:rpm/redhat/git-core@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-32020, CVE-2024-32021, CVE-2024-50349, CVE-2025-46835), pkg:rpm/redhat/perl-Git@2.39.3-1.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-32020, CVE-2024-32021, CVE-2024-50349, CVE-2025-46835), pkg:rpm/redhat/git-core-doc@2.39.3-1.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-32020, CVE-2024-32021, CVE-2024-50349, CVE-2025-46835), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56433), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/kernel-headers@5.14.0-284.11.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=kernel-5.14.0-284.11.1.el9_2.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-50846, CVE-2023-53639, CVE-2023-54153, CVE-2023-54267), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/binutils@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2025-11412, CVE-2025-11414, CVE-2025-11494, CVE-2025-11495, CVE-2025-11839, CVE-2025-11840, CVE-2025-66861, CVE-2025-66862, CVE-2025-66863, CVE-2025-66864, CVE-2025-66865, CVE-2025-66866, CVE-2025-69647, CVE-2025-69648, CVE-2025-69649, CVE-2025-69650, CVE-2025-69652, CVE-2025-69645, CVE-2025-69646, CVE-2025-69651), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-34397, CVE-2025-7039, CVE-2026-0988), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2024-2511, CVE-2026-28387, CVE-2025-9232, CVE-2026-2673), pkg:rpm/redhat/systemd@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2026-40228), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2024-56433), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2026-0989, CVE-2026-0992, CVE-2025-6170), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-34397, CVE-2025-7039, CVE-2026-0988), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-56433), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56433), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libpq@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2022-41862), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-0989, CVE-2026-0992, CVE-2025-6170), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-34397, CVE-2025-7039, CVE-2026-0988), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-56433), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-2511, CVE-2026-28387, CVE-2025-9232, CVE-2026-2673), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-0989, CVE-2026-0992, CVE-2025-6170), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/systemd@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-40228), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-34397, CVE-2025-7039, CVE-2026-0988), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-56433), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2026-0989, CVE-2026-0992, CVE-2025-6170), pkg:rpm/redhat/libtiff@4.4.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtiff-4.4.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-6228), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-34397, CVE-2025-7039, CVE-2026-0988), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2026-0989, CVE-2026-0992, CVE-2025-6170), pkg:rpm/redhat/libxslt@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2025-11731), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/xml-common@0.6.3-58.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=sgml-common-0.6.3-58.el9.src.rpm] (CVE-2026-0989, CVE-2026-0992, CVE-2025-6170), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm] (CVE-2026-0989, CVE-2026-0992, CVE-2025-6170), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2024-34397, CVE-2025-7039, CVE-2026-0988), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/sqlite@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/sqlite-devel@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2025-70873), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2024-34397, CVE-2025-7039, CVE-2026-0988), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2026-3184)", "name": "rhtpa_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 72 } } ] } ] {"vulnerabilities":{"critical":14,"high":266,"medium":372,"low":72,"unknown":0},"unpatched_vulnerabilities":{"critical":0,"high":0,"medium":0,"low":0,"unknown":0}} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-8db91b08c42f4543dde16ba8ac772c5a35f83632", "digests": ["sha256:b4bae6cd649fa727918fa00bbf740a7fdd429feb319a7b56f28fed4c5c2b1901"]}} {"result":"SUCCESS","timestamp":"2026-05-02T06:00:37+00:00","note":"Task tpa-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by TPA.","namespace":"default","successes":0,"failures":0,"warnings":0} New PipelineRun python-component-sukmsc-on-pull-request-2vxmt found after retrigger for component build-e2e-wqrk/python-component-sukmsc PipelineRun python-component-sukmsc-on-pull-request-2vxmt found for Component build-e2e-wqrk/python-component-sukmsc PipelineRun python-component-sukmsc-on-pull-request-2vxmt reason: ResolvingTaskRef PipelineRun python-component-sukmsc-on-pull-request-2vxmt reason: Running PipelineRun python-component-sukmsc-on-pull-request-2vxmt reason: Running PipelineRun python-component-sukmsc-on-pull-request-2vxmt reason: Running PipelineRun python-component-sukmsc-on-pull-request-2vxmt reason: Running PipelineRun python-component-sukmsc-on-pull-request-2vxmt reason: Running PipelineRun python-component-sukmsc-on-pull-request-2vxmt reason: Running PipelineRun python-component-sukmsc-on-pull-request-2vxmt reason: Running PipelineRun python-component-sukmsc-on-pull-request-2vxmt reason: Running PipelineRun python-component-sukmsc-on-pull-request-2vxmt reason: Running PipelineRun python-component-sukmsc-on-pull-request-2vxmt reason: Running PipelineRun python-component-sukmsc-on-pull-request-2vxmt reason: Running PipelineRun python-component-sukmsc-on-pull-request-2vxmt reason: Running PipelineRun python-component-sukmsc-on-pull-request-2vxmt reason: Running PipelineRun python-component-sukmsc-on-pull-request-2vxmt reason: Running PipelineRun python-component-sukmsc-on-pull-request-2vxmt reason: Failed attempt 3/3: PipelineRun "python-component-sukmsc-on-pull-request-2vxmt" failed: pod: python-component-sukmsc-on-591f02614276501c9909e28298413f3d-pod | init container: prepare 2026/05/02 06:01:15 Entrypoint initialization pod: python-component-sukmsc-on-591f02614276501c9909e28298413f3d-pod | init container: place-scripts 2026/05/02 06:01:15 Decoded script /tekton/scripts/script-0-42c8p 2026/05/02 06:01:15 Decoded script /tekton/scripts/script-1-clsx6 pod: python-component-sukmsc-on-591f02614276501c9909e28298413f3d-pod | container step-clone: INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt {"level":"info","ts":1777701678.9782343,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1777701679.423236,"caller":"git/git.go:223","msg":"Successfully cloned https://github.com/redhat-appstudio-qe/sample-multi-component @ 9a58fff0b20b171aa9240228699291a7c9c1b6fd (grafted, HEAD) in path /var/workdir/source"} {"level":"info","ts":1777701679.4232862,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1777701679.4468265,"caller":"git/git.go:277","msg":"Successfully initialized and updated submodules in path /var/workdir/source"} Merge option disabled. Using checked-out revision 9a58fff0b20b171aa9240228699291a7c9c1b6fd directly. pod: python-component-sukmsc-on-591f02614276501c9909e28298413f3d-pod | container step-symlink-check: Running symlink check pod: python-component-sukmsc-on-591f02614276501c9909e28298413f3d-pod | container step-create-trusted-artifact: Prepared artifact from /var/workdir/source (sha256:30a0bd277a19ad7be874275280017ea11cf53bbb756ca66fd1cdcd2fa0c312c1) Using token for quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc Executing: oras push --annotation=quay.expires-after=5d --registry-config /tmp/create-oci.sh.J0N6ty/auth-CgZpio.json quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-9a58fff0b20b171aa9240228699291a7c9c1b6fd.git SOURCE_ARTIFACT Uploading 30a0bd277a19 SOURCE_ARTIFACT Uploaded 30a0bd277a19 SOURCE_ARTIFACT Pushed [registry] quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-9a58fff0b20b171aa9240228699291a7c9c1b6fd.git ArtifactType: application/vnd.unknown.artifact.v1 Digest: sha256:29b0286379e2717b11864360450387a73e9986f6be7c3627aab5854f910f9a93 Artifacts created pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | init container: prepare 2026/05/02 06:02:02 Entrypoint initialization pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | init container: place-scripts 2026/05/02 06:02:03 Decoded script /tekton/scripts/script-1-wknqh 2026/05/02 06:02:03 Decoded script /tekton/scripts/script-2-rhf2s 2026/05/02 06:02:03 Decoded script /tekton/scripts/script-3-xkm58 2026/05/02 06:02:03 Decoded script /tekton/scripts/script-4-hkg9r 2026/05/02 06:02:03 Decoded script /tekton/scripts/script-5-n82hr pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc Executing: oras blob fetch --registry-config /tmp/use-oci.sh.OztHxz/auth-Sp4x4T.json quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:30a0bd277a19ad7be874275280017ea11cf53bbb756ca66fd1cdcd2fa0c312c1 --output - Restored artifact quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:30a0bd277a19ad7be874275280017ea11cf53bbb756ca66fd1cdcd2fa0c312c1 to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | container step-build: [2026-05-02T06:02:08,343082023+00:00] Validate context path [2026-05-02T06:02:08,346510359+00:00] Update CA trust [2026-05-02T06:02:08,347544486+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-05-02T06:02:12,240664532+00:00] Prepare Dockerfile Checking if /var/workdir/cachi2/output/bom.json exists. Could not find prefetched sbom. No content_sets found for ICM [2026-05-02T06:02:12,248230526+00:00] Prepare system (architecture: x86_64) [2026-05-02T06:02:12,264402475+00:00] Setup prefetched Trying to pull registry.access.redhat.com/ubi9/python-39:1-117.1684741281... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:8a2e9815396eaa57b0dfe27b2dfc442417f06aa70974c358f198980b533c7942 Copying blob sha256:5465449a2ea5d8a7e05fa498c8ba35f0ce7714b0ad37e716961fca17dfa1ef13 Copying blob sha256:085efe85e9dfb0b3d5d2392e4b78660a3091bf1ded336315117a627fbdd0567d Copying blob sha256:a07d808ddf4404b3885fef6100142a973cc667b2c3c4abcf4db96508795b1efb Copying config sha256:45c8f23c11bb64f238236aaf5cbe05595778e1d4fb6c06109c6fcc0a6b57a45b Writing manifest to image destination Storing signatures [2026-05-02T06:02:42,835630513+00:00] Unsetting proxy { "architecture": "x86_64", "build-date": "2026-05-02T06:02:12Z", "com.redhat.component": "python-39-container", "com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI", "description": "Python 3.9 available as container is a base platform for building and running various Python 3.9 applications and frameworks. Python is an easy to learn, powerful programming language. It has efficient high-level data structures and a simple but effective approach to object-oriented programming. Python's elegant syntax and dynamic typing, together with its interpreted nature, make it an ideal language for scripting and rapid application development in many areas on most platforms.", "distribution-scope": "public", "io.buildah.version": "1.42.2", "io.buildpacks.stack.id": "com.redhat.stacks.ubi9-python-39", "io.k8s.description": "Python 3.9 available as container is a base platform for building and running various Python 3.9 applications and frameworks. Python is an easy to learn, powerful programming language. It has efficient high-level data structures and a simple but effective approach to object-oriented programming. Python's elegant syntax and dynamic typing, together with its interpreted nature, make it an ideal language for scripting and rapid application development in many areas on most platforms.", "io.k8s.display-name": "Python 3.9", "io.openshift.expose-services": "8080:http", "io.openshift.s2i.scripts-url": "image:///usr/libexec/s2i", "io.openshift.tags": "builder,python,python39,python-39,rh-python39", "io.s2i.scripts-url": "image:///usr/libexec/s2i", "maintainer": "SoftwareCollections.org <sclorg@redhat.com>", "name": "ubi9/python-39", "release": "117.1684741281", "summary": "Platform for building and running Python 3.9 applications", "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/ubi9/python-39/images/1-117.1684741281", "usage": "s2i build https://github.com/sclorg/s2i-python-container.git --context-dir=3.9/test/setup-test-app/ ubi9/python-39 python-sample-app", "vcs-ref": "9a58fff0b20b171aa9240228699291a7c9c1b6fd", "vcs-type": "git", "vendor": "Red Hat, Inc.", "version": "1", "org.opencontainers.image.revision": "9a58fff0b20b171aa9240228699291a7c9c1b6fd", "org.opencontainers.image.source": "https://github.com/redhat-appstudio-qe/sample-multi-component", "quay.expires-after": "5d", "org.opencontainers.image.created": "2026-05-02T06:02:12Z" } [2026-05-02T06:02:42,939251206+00:00] Register sub-man Adding the entitlement to the build [2026-05-02T06:02:42,942342755+00:00] Add secrets [2026-05-02T06:02:42,958124691+00:00] Run buildah build [2026-05-02T06:02:42,959167684+00:00] buildah build --volume /tmp/entitlement:/etc/pki/entitlement --security-opt=unmask=/proc/interrupts --label architecture=x86_64 --label vcs-type=git --label vcs-ref=9a58fff0b20b171aa9240228699291a7c9c1b6fd --label org.opencontainers.image.revision=9a58fff0b20b171aa9240228699291a7c9c1b6fd --label org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/sample-multi-component --label quay.expires-after=5d --label build-date=2026-05-02T06:02:12Z --label org.opencontainers.image.created=2026-05-02T06:02:12Z --annotation org.opencontainers.image.revision=9a58fff0b20b171aa9240228699291a7c9c1b6fd --annotation org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/sample-multi-component --annotation org.opencontainers.image.created=2026-05-02T06:02:12Z --tls-verify=true --no-cache --ulimit nofile=4096:4096 --http-proxy=false -f /tmp/Dockerfile.xk9LA0 -t quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-9a58fff0b20b171aa9240228699291a7c9c1b6fd . STEP 1/10: FROM registry.access.redhat.com/ubi9/python-39:1-117.1684741281 STEP 2/10: EXPOSE 8081/tcp STEP 3/10: ENV FLASK_PORT=8081 STEP 4/10: WORKDIR /projects STEP 5/10: COPY . . STEP 6/10: RUN if [ -f requirements.txt ]; then pip install -r requirements.txt; elif [ `ls -1q *.txt | wc -l` == 1 ]; then pip install -r *.txt; fi Collecting Flask==2.3.3 Downloading flask-2.3.3-py3-none-any.whl (96 kB) Collecting blinker>=1.6.2 Downloading blinker-1.9.0-py3-none-any.whl (8.5 kB) Collecting importlib-metadata>=3.6.0 Downloading importlib_metadata-8.7.1-py3-none-any.whl (27 kB) Collecting Jinja2>=3.1.2 Downloading jinja2-3.1.6-py3-none-any.whl (134 kB) Collecting itsdangerous>=2.1.2 Downloading itsdangerous-2.2.0-py3-none-any.whl (16 kB) Collecting click>=8.1.3 Downloading click-8.1.8-py3-none-any.whl (98 kB) Collecting Werkzeug>=2.3.7 Downloading werkzeug-3.1.8-py3-none-any.whl (226 kB) Collecting zipp>=3.20 Downloading zipp-3.23.1-py3-none-any.whl (10 kB) Collecting MarkupSafe>=2.0 Downloading markupsafe-3.0.3-cp39-cp39-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl (20 kB) Installing collected packages: zipp, MarkupSafe, Werkzeug, Jinja2, itsdangerous, importlib-metadata, click, blinker, Flask Successfully installed Flask-2.3.3 Jinja2-3.1.6 MarkupSafe-3.0.3 Werkzeug-3.1.8 blinker-1.9.0 click-8.1.8 importlib-metadata-8.7.1 itsdangerous-2.2.0 zipp-3.23.1 WARNING: You are using pip version 21.3.1; however, version 26.0.1 is available. You should consider upgrading via the '/opt/app-root/bin/python3.9 -m pip install --upgrade pip' command. STEP 7/10: CMD [ "python", "./app.py" ] STEP 8/10: COPY labels.json /usr/share/buildinfo/labels.json STEP 9/10: COPY labels.json /root/buildinfo/labels.json STEP 10/10: LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="9a58fff0b20b171aa9240228699291a7c9c1b6fd" "org.opencontainers.image.revision"="9a58fff0b20b171aa9240228699291a7c9c1b6fd" "org.opencontainers.image.source"="https://github.com/redhat-appstudio-qe/sample-multi-component" "quay.expires-after"="5d" "build-date"="2026-05-02T06:02:12Z" "org.opencontainers.image.created"="2026-05-02T06:02:12Z" COMMIT quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-9a58fff0b20b171aa9240228699291a7c9c1b6fd --> ca84e75f124f Successfully tagged quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-9a58fff0b20b171aa9240228699291a7c9c1b6fd ca84e75f124f87650d18f671c13714546ff668228556de54b4b53120968860cb [2026-05-02T06:02:48,359474036+00:00] Unsetting proxy [2026-05-02T06:02:48,360843489+00:00] Add metadata Recording base image digests used registry.access.redhat.com/ubi9/python-39:1-117.1684741281 registry.access.redhat.com/ubi9/python-39:1-117.1684741281@sha256:40a58935b9c22664927b22bf256f53a3d744ddb7316f3af18061099e199526ee Getting image source signatures Copying blob sha256:a3551a1f52c5788c9e4e19e7458ecd57b93554fb4cad127b13d61c73c13775e4 Copying blob sha256:d661a108c347030c3ef626a0e0020e084fba1e1023193824f5395fa90ef40bde Copying blob sha256:d93d3cc0bc0c5ed9655bcdcf31183ed0b570076c0e6a13e0d7cb907d0b877b00 Copying blob sha256:629980bfa23ec05ce5acc61ed2866ddf8713f40bb2a61f0850395082f1457220 Copying blob sha256:bc8a0003b3470be53e5cf295daf38c287d3f20ab90e8f5c2b6f17406b158d323 Copying config sha256:ca84e75f124f87650d18f671c13714546ff668228556de54b4b53120968860cb Writing manifest to image destination [2026-05-02T06:03:22,157574695+00:00] End build pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | container step-push: [2026-05-02T06:03:22,816503114+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-05-02T06:03:43,886667723+00:00] Convert image [2026-05-02T06:03:43,887746209+00:00] Push image with unique tag Pushing to quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:python-component-sukmsc-on-pull-request-2vxmt-build-container [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-9a58fff0b20b171aa9240228699291a7c9c1b6fd docker://quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:python-component-sukmsc-on-pull-request-2vxmt-build-container Getting image source signatures Copying blob sha256:a3551a1f52c5788c9e4e19e7458ecd57b93554fb4cad127b13d61c73c13775e4 Copying blob sha256:bc8a0003b3470be53e5cf295daf38c287d3f20ab90e8f5c2b6f17406b158d323 Copying blob sha256:d93d3cc0bc0c5ed9655bcdcf31183ed0b570076c0e6a13e0d7cb907d0b877b00 Copying blob sha256:629980bfa23ec05ce5acc61ed2866ddf8713f40bb2a61f0850395082f1457220 Copying blob sha256:d661a108c347030c3ef626a0e0020e084fba1e1023193824f5395fa90ef40bde pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | container step-sbom-syft-generate: pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | container step-prepare-sboms: pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | container step-upload-sbom: pod: python-component-sukmsc-on-pull-request-2vxmt-init-pod | init container: prepare 2026/05/02 06:01:09 Entrypoint initialization pod: python-component-sukmsc-on-pull-request-2vxmt-init-pod | container step-init: time="2026-05-02T06:01:13Z" level=info msg="[param] enable: false" time="2026-05-02T06:01:13Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-05-02T06:01:13Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-05-02T06:01:13Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-05-02T06:01:13Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-05-02T06:01:13Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-05-02T06:01:13Z" level=info msg="Cache proxy is disabled via param" time="2026-05-02T06:01:13Z" level=info msg="[result] HTTP PROXY: " time="2026-05-02T06:01:13Z" level=info msg="[result] NO PROXY: " [FAILED] Expected success, but got an error: <*errors.errorString | 0xc001502b20>: pod: python-component-sukmsc-on-591f02614276501c9909e28298413f3d-pod | init container: prepare 2026/05/02 06:01:15 Entrypoint initialization pod: python-component-sukmsc-on-591f02614276501c9909e28298413f3d-pod | init container: place-scripts 2026/05/02 06:01:15 Decoded script /tekton/scripts/script-0-42c8p 2026/05/02 06:01:15 Decoded script /tekton/scripts/script-1-clsx6 pod: python-component-sukmsc-on-591f02614276501c9909e28298413f3d-pod | container step-clone: INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt {"level":"info","ts":1777701678.9782343,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1777701679.423236,"caller":"git/git.go:223","msg":"Successfully cloned https://github.com/redhat-appstudio-qe/sample-multi-component @ 9a58fff0b20b171aa9240228699291a7c9c1b6fd (grafted, HEAD) in path /var/workdir/source"} {"level":"info","ts":1777701679.4232862,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1777701679.4468265,"caller":"git/git.go:277","msg":"Successfully initialized and updated submodules in path /var/workdir/source"} Merge option disabled. Using checked-out revision 9a58fff0b20b171aa9240228699291a7c9c1b6fd directly. pod: python-component-sukmsc-on-591f02614276501c9909e28298413f3d-pod | container step-symlink-check: Running symlink check pod: python-component-sukmsc-on-591f02614276501c9909e28298413f3d-pod | container step-create-trusted-artifact: Prepared artifact from /var/workdir/source (sha256:30a0bd277a19ad7be874275280017ea11cf53bbb756ca66fd1cdcd2fa0c312c1) Using token for quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc Executing: oras push --annotation=quay.expires-after=5d --registry-config /tmp/create-oci.sh.J0N6ty/auth-CgZpio.json quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-9a58fff0b20b171aa9240228699291a7c9c1b6fd.git SOURCE_ARTIFACT Uploading 30a0bd277a19 SOURCE_ARTIFACT Uploaded 30a0bd277a19 SOURCE_ARTIFACT Pushed [registry] quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-9a58fff0b20b171aa9240228699291a7c9c1b6fd.git ArtifactType: application/vnd.unknown.artifact.v1 Digest: sha256:29b0286379e2717b11864360450387a73e9986f6be7c3627aab5854f910f9a93 Artifacts created pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | init container: prepare 2026/05/02 06:02:02 Entrypoint initialization pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | init container: place-scripts 2026/05/02 06:02:03 Decoded script /tekton/scripts/script-1-wknqh 2026/05/02 06:02:03 Decoded script /tekton/scripts/script-2-rhf2s 2026/05/02 06:02:03 Decoded script /tekton/scripts/script-3-xkm58 2026/05/02 06:02:03 Decoded script /tekton/scripts/script-4-hkg9r 2026/05/02 06:02:03 Decoded script /tekton/scripts/script-5-n82hr pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc Executing: oras blob fetch --registry-config /tmp/use-oci.sh.OztHxz/auth-Sp4x4T.json quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:30a0bd277a19ad7be874275280017ea11cf53bbb756ca66fd1cdcd2fa0c312c1 --output - Restored artifact quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:30a0bd277a19ad7be874275280017ea11cf53bbb756ca66fd1cdcd2fa0c312c1 to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | container step-build: [2026-05-02T06:02:08,343082023+00:00] Validate context path [2026-05-02T06:02:08,346510359+00:00] Update CA trust [2026-05-02T06:02:08,347544486+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-05-02T06:02:12,240664532+00:00] Prepare Dockerfile Checking if /var/workdir/cachi2/output/bom.json exists. Could not find prefetched sbom. No content_sets found for ICM [2026-05-02T06:02:12,248230526+00:00] Prepare system (architecture: x86_64) [2026-05-02T06:02:12,264402475+00:00] Setup prefetched Trying to pull registry.access.redhat.com/ubi9/python-39:1-117.1684741281... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:8a2e9815396eaa57b0dfe27b2dfc442417f06aa70974c358f198980b533c7942 Copying blob sha256:5465449a2ea5d8a7e05fa498c8ba35f0ce7714b0ad37e716961fca17dfa1ef13 Copying blob sha256:085efe85e9dfb0b3d5d2392e4b78660a3091bf1ded336315117a627fbdd0567d Copying blob sha256:a07d808ddf4404b3885fef6100142a973cc667b2c3c4abcf4db96508795b1efb Copying config sha256:45c8f23c11bb64f238236aaf5cbe05595778e1d4fb6c06109c6fcc0a6b57a45b Writing manifest to image destination Storing signatures [2026-05-02T06:02:42,835630513+00:00] Unsetting proxy { "architecture": "x86_64", "build-date": "2026-05-02T06:02:12Z", "com.redhat.component": "python-39-container", "com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI", "description": "Python 3.9 available as container is a base platform for building and running various Python 3.9 applications and frameworks. Python is an easy to learn, powerful programming language. It has efficient high-level data structures and a simple but effective approach to object-oriented programming. Python's elegant syntax and dynamic typing, together with its interpreted nature, make it an ideal language for scripting and rapid application development in many areas on most platforms.", "distribution-scope": "public", "io.buildah.version": "1.42.2", "io.buildpacks.stack.id": "com.redhat.stacks.ubi9-python-39", "io.k8s.description": "Python 3.9 available as container is a base platform for building and running various Python 3.9 applications and frameworks. Python is an easy to learn, powerful programming language. It has efficient high-level data structures and a simple but effective approach to object-oriented programming. Python's elegant syntax and dynamic typing, together with its interpreted nature, make it an ideal language for scripting and rapid application development in many areas on most platforms.", "io.k8s.display-name": "Python 3.9", "io.openshift.expose-services": "8080:http", "io.openshift.s2i.scripts-url": "image:///usr/libexec/s2i", "io.openshift.tags": "builder,python,python39,python-39,rh-python39", "io.s2i.scripts-url": "image:///usr/libexec/s2i", "maintainer": "SoftwareCollections.org <sclorg@redhat.com>", "name": "ubi9/python-39", "release": "117.1684741281", "summary": "Platform for building and running Python 3.9 applications", "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/ubi9/python-39/images/1-117.1684741281", "usage": "s2i build https://github.com/sclorg/s2i-python-container.git --context-dir=3.9/test/setup-test-app/ ubi9/python-39 python-sample-app", "vcs-ref": "9a58fff0b20b171aa9240228699291a7c9c1b6fd", "vcs-type": "git", "vendor": "Red Hat, Inc.", "version": "1", "org.opencontainers.image.revision": "9a58fff0b20b171aa9240228699291a7c9c1b6fd", "org.opencontainers.image.source": "https://github.com/redhat-appstudio-qe/sample-multi-component", "quay.expires-after": "5d", "org.opencontainers.image.created": "2026-05-02T06:02:12Z" } [2026-05-02T06:02:42,939251206+00:00] Register sub-man Adding the entitlement to the build [2026-05-02T06:02:42,942342755+00:00] Add secrets [2026-05-02T06:02:42,958124691+00:00] Run buildah build [2026-05-02T06:02:42,959167684+00:00] buildah build --volume /tmp/entitlement:/etc/pki/entitlement --security-opt=unmask=/proc/interrupts --label architecture=x86_64 --label vcs-type=git --label vcs-ref=9a58fff0b20b171aa9240228699291a7c9c1b6fd --label org.opencontainers.image.revision=9a58fff0b20b171aa9240228699291a7c9c1b6fd --label org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/sample-multi-component --label quay.expires-after=5d --label build-date=2026-05-02T06:02:12Z --label org.opencontainers.image.created=2026-05-02T06:02:12Z --annotation org.opencontainers.image.revision=9a58fff0b20b171aa9240228699291a7c9c1b6fd --annotation org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/sample-multi-component --annotation org.opencontainers.image.created=2026-05-02T06:02:12Z --tls-verify=true --no-cache --ulimit nofile=4096:4096 --http-proxy=false -f /tmp/Dockerfile.xk9LA0 -t quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-9a58fff0b20b171aa9240228699291a7c9c1b6fd . STEP 1/10: FROM registry.access.redhat.com/ubi9/python-39:1-117.1684741281 STEP 2/10: EXPOSE 8081/tcp STEP 3/10: ENV FLASK_PORT=8081 STEP 4/10: WORKDIR /projects STEP 5/10: COPY . . STEP 6/10: RUN if [ -f requirements.txt ]; then pip install -r requirements.txt; elif [ `ls -1q *.txt | wc -l` == 1 ]; then pip install -r *.txt; fi Collecting Flask==2.3.3 Downloading flask-2.3.3-py3-none-any.whl (96 kB) Collecting blinker>=1.6.2 Downloading blinker-1.9.0-py3-none-any.whl (8.5 kB) Collecting importlib-metadata>=3.6.0 Downloading importlib_metadata-8.7.1-py3-none-any.whl (27 kB) Collecting Jinja2>=3.1.2 Downloading jinja2-3.1.6-py3-none-any.whl (134 kB) Collecting itsdangerous>=2.1.2 Downloading itsdangerous-2.2.0-py3-none-any.whl (16 kB) Collecting click>=8.1.3 Downloading click-8.1.8-py3-none-any.whl (98 kB) Collecting Werkzeug>=2.3.7 Downloading werkzeug-3.1.8-py3-none-any.whl (226 kB) Collecting zipp>=3.20 Downloading zipp-3.23.1-py3-none-any.whl (10 kB) Collecting MarkupSafe>=2.0 Downloading markupsafe-3.0.3-cp39-cp39-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl (20 kB) Installing collected packages: zipp, MarkupSafe, Werkzeug, Jinja2, itsdangerous, importlib-metadata, click, blinker, Flask Successfully installed Flask-2.3.3 Jinja2-3.1.6 MarkupSafe-3.0.3 Werkzeug-3.1.8 blinker-1.9.0 click-8.1.8 importlib-metadata-8.7.1 itsdangerous-2.2.0 zipp-3.23.1 WARNING: You are using pip version 21.3.1; however, version 26.0.1 is available. You should consider upgrading via the '/opt/app-root/bin/python3.9 -m pip install --upgrade pip' command. STEP 7/10: CMD [ "python", "./app.py" ] STEP 8/10: COPY labels.json /usr/share/buildinfo/labels.json STEP 9/10: COPY labels.json /root/buildinfo/labels.json STEP 10/10: LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="9a58fff0b20b171aa9240228699291a7c9c1b6fd" "org.opencontainers.image.revision"="9a58fff0b20b171aa9240228699291a7c9c1b6fd" "org.opencontainers.image.source"="https://github.com/redhat-appstudio-qe/sample-multi-component" "quay.expires-after"="5d" "build-date"="2026-05-02T06:02:12Z" "org.opencontainers.image.created"="2026-05-02T06:02:12Z" COMMIT quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-9a58fff0b20b171aa9240228699291a7c9c1b6fd --> ca84e75f124f Successfully tagged quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-9a58fff0b20b171aa9240228699291a7c9c1b6fd ca84e75f124f87650d18f671c13714546ff668228556de54b4b53120968860cb [2026-05-02T06:02:48,359474036+00:00] Unsetting proxy [2026-05-02T06:02:48,360843489+00:00] Add metadata Recording base image digests used registry.access.redhat.com/ubi9/python-39:1-117.1684741281 registry.access.redhat.com/ubi9/python-39:1-117.1684741281@sha256:40a58935b9c22664927b22bf256f53a3d744ddb7316f3af18061099e199526ee Getting image source signatures Copying blob sha256:a3551a1f52c5788c9e4e19e7458ecd57b93554fb4cad127b13d61c73c13775e4 Copying blob sha256:d661a108c347030c3ef626a0e0020e084fba1e1023193824f5395fa90ef40bde Copying blob sha256:d93d3cc0bc0c5ed9655bcdcf31183ed0b570076c0e6a13e0d7cb907d0b877b00 Copying blob sha256:629980bfa23ec05ce5acc61ed2866ddf8713f40bb2a61f0850395082f1457220 Copying blob sha256:bc8a0003b3470be53e5cf295daf38c287d3f20ab90e8f5c2b6f17406b158d323 Copying config sha256:ca84e75f124f87650d18f671c13714546ff668228556de54b4b53120968860cb Writing manifest to image destination [2026-05-02T06:03:22,157574695+00:00] End build pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | container step-push: [2026-05-02T06:03:22,816503114+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-05-02T06:03:43,886667723+00:00] Convert image [2026-05-02T06:03:43,887746209+00:00] Push image with unique tag Pushing to quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:python-component-sukmsc-on-pull-request-2vxmt-build-container [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-9a58fff0b20b171aa9240228699291a7c9c1b6fd docker://quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:python-component-sukmsc-on-pull-request-2vxmt-build-container Getting image source signatures Copying blob sha256:a3551a1f52c5788c9e4e19e7458ecd57b93554fb4cad127b13d61c73c13775e4 Copying blob sha256:bc8a0003b3470be53e5cf295daf38c287d3f20ab90e8f5c2b6f17406b158d323 Copying blob sha256:d93d3cc0bc0c5ed9655bcdcf31183ed0b570076c0e6a13e0d7cb907d0b877b00 Copying blob sha256:629980bfa23ec05ce5acc61ed2866ddf8713f40bb2a61f0850395082f1457220 Copying blob sha256:d661a108c347030c3ef626a0e0020e084fba1e1023193824f5395fa90ef40bde pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | container step-sbom-syft-generate: pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | container step-prepare-sboms: pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | container step-upload-sbom: pod: python-component-sukmsc-on-pull-request-2vxmt-init-pod | init container: prepare 2026/05/02 06:01:09 Entrypoint initialization pod: python-component-sukmsc-on-pull-request-2vxmt-init-pod | container step-init: time="2026-05-02T06:01:13Z" level=info msg="[param] enable: false" time="2026-05-02T06:01:13Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-05-02T06:01:13Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-05-02T06:01:13Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-05-02T06:01:13Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-05-02T06:01:13Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-05-02T06:01:13Z" level=info msg="Cache proxy is disabled via param" time="2026-05-02T06:01:13Z" level=info msg="[result] HTTP PROXY: " time="2026-05-02T06:01:13Z" level=info msg="[result] NO PROXY: " { s: "\n pod: python-component-sukmsc-on-591f02614276501c9909e28298413f3d-pod | init container: prepare\n2026/05/02 06:01:15 Entrypoint initialization\n\n pod: python-component-sukmsc-on-591f02614276501c9909e28298413f3d-pod | init container: place-scripts\n2026/05/02 06:01:15 Decoded script /tekton/scripts/script-0-42c8p\n2026/05/02 06:01:15 Decoded script /tekton/scripts/script-1-clsx6\n\npod: python-component-sukmsc-on-591f02614276501c9909e28298413f3d-pod | container step-clone: \nINFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt\n{\"level\":\"info\",\"ts\":1777701678.9782343,\"caller\":\"git/git.go:394\",\"msg\":\"Retrying operation (attempt 1)\"}\n{\"level\":\"info\",\"ts\":1777701679.423236,\"caller\":\"git/git.go:223\",\"msg\":\"Successfully cloned https://github.com/redhat-appstudio-qe/sample-multi-component @ 9a58fff0b20b171aa9240228699291a7c9c1b6fd (grafted, HEAD) in path /var/workdir/source\"}\n{\"level\":\"info\",\"ts\":1777701679.4232862,\"caller\":\"git/git.go:394\",\"msg\":\"Retrying operation (attempt 1)\"}\n{\"level\":\"info\",\"ts\":1777701679.4468265,\"caller\":\"git/git.go:277\",\"msg\":\"Successfully initialized and updated submodules in path /var/workdir/source\"}\nMerge option disabled. Using checked-out revision 9a58fff0b20b171aa9240228699291a7c9c1b6fd directly.\n\npod: python-component-sukmsc-on-591f02614276501c9909e28298413f3d-pod | container step-symlink-check: \nRunning symlink check\n\npod: python-component-sukmsc-on-591f02614276501c9909e28298413f3d-pod | container step-create-trusted-artifact: \nPrepared artifact from /var/workdir/source (sha256:30a0bd277a19ad7be874275280017ea11cf53bbb756ca66fd1cdcd2fa0c312c1)\nUsing token for quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc\nExecuting: oras push --annotation=quay.expires-after=5d --registry-config /tmp/create-oci.sh.J0N6ty/auth-CgZpio.json quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-9a58fff0b20b171aa9240228699291a7c9c1b6fd.git SOURCE_ARTIFACT\nUploading 30a0bd277a19 SOURCE_ARTIFACT\nUploaded 30a0bd277a19 SOURCE_ARTIFACT\nPushed [registry] quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-9a58fff0b20b171aa9240228699291a7c9c1b6fd.git\nArtifactType: application/vnd.unknown.artifact.v1\nDigest: sha256:29b0286379e2717b11864360450387a73e9986f6be7c3627aab5854f910f9a93\nArtifacts created\n\n\n pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | init container: prepare\n2026/05/02 06:02:02 Entrypoint initialization\n\n pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | init container: place-scripts\n2026/05/02 06:02:03 Decoded script /tekton/scripts/script-1-wknqh\n2026/05/02 06:02:03 Decoded script /tekton/scripts/script-2-rhf2s\n2026/05/02 06:02:03 Decoded script /tekton/scripts/script-3-xkm58\n2026/05/02 06:02:03 Decoded script /tekton/scripts/script-4-hkg9r\n2026/05/02 06:02:03 Decoded script /tekton/scripts/script-5-n82hr\n\npod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | container step-use-trusted-artifact: \nUsing token for quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc\nExecuting: oras blob fetch --registry-config /tmp/use-oci.sh.OztHxz/auth-Sp4x4T.json quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:30a0bd277a19ad7be874275280017ea11cf53bbb756ca66fd1cdcd2fa0c312c1 --output -\nRestored artifact quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:30a0bd277a19ad7be874275280017ea11cf53bbb756ca66fd1cdcd2fa0c312c1 to /var/workdir/source\nWARN: artifact URI not provided, (given: =/var/workdir/cachi2)\n\n\npod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | container step-build: \n[2026-05-02T06:02:08,343082023+00:00] Validate context path\n[2026-05-02T06:02:08,346510359+00:00] Update CA trust\n[2026-05-02T06:02:08,347544486+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt\n'/mnt/trusted-ca/ca-bundle.crt' -> ... Gomega truncated this representation as it exceeds 'format.MaxLength'. Consider having the object provide a custom 'GomegaStringer' representation or adjust the parameters in Gomega's 'format' package. Learn more here: https://onsi.github.io/gomega/#adjusting-output In [It] at: /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:161 @ 05/02/26 06:06:08.218 < Exit [It] the PipelineRun should eventually finish successfully for component python-component-sukmsc - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:159 @ 05/02/26 06:06:08.218 (23m26.122s) > Enter [AfterAll] test pac with multiple components using same repository - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:68 @ 05/02/26 06:06:08.219 < Exit [AfterAll] test pac with multiple components using same repository - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:68 @ 05/02/26 06:06:09.454 (1.235s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:28 @ 05/02/26 06:06:09.454 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:28 @ 05/02/26 06:06:10.126 (672ms) [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:164 @ 05/02/26 06:06:10.24 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:174 @ 05/02/26 06:06:10.24 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:190 @ 05/02/26 06:06:10.24 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:205 @ 05/02/26 06:06:10.24 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:264 @ 05/02/26 06:06:10.241